


FreeBSD/Linux Kernel Cross Reference
sys/sys/mac.h


    1 /*-
    2  * Copyright (c) 1999-2002 Robert N. M. Watson
    3  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
    4  * Copyright (c) 2005 SPARTA, Inc.
    5  * All rights reserved.
    6  *
    7  * This software was developed by Robert Watson for the TrustedBSD Project.
    8  *
    9  * This software was developed for the FreeBSD Project in part by Network
   10  * Associates Laboratories, the Security Research Division of Network
   11  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   12  * as part of the DARPA CHATS research program.
   13  *
   14  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   15  * N66001-04-C-6019 ("SEFOS").
   16  *
   17  * Redistribution and use in source and binary forms, with or without
   18  * modification, are permitted provided that the following conditions
   19  * are met:
   20  * 1. Redistributions of source code must retain the above copyright
   21  *    notice, this list of conditions and the following disclaimer.
   22  * 2. Redistributions in binary form must reproduce the above copyright
   23  *    notice, this list of conditions and the following disclaimer in the
   24  *    documentation and/or other materials provided with the distribution.
   25  *
   26  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   27  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   28  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   29  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   30  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   31  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   32  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   33  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   34  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   35  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   36  * SUCH DAMAGE.
   37  *
   38  * $FreeBSD$
   39  */
   40 /*
   41  * Userland/kernel interface for Mandatory Access Control.
   42  *
   43  * The POSIX.1e implementation page may be reached at:
   44  * http://www.trustedbsd.org/
   45  */
   46 
   47 #ifndef _SYS_MAC_H_
   48 #define _SYS_MAC_H_
   49 
   50 #include <sys/_label.h>
   51 
   52 #ifndef _POSIX_MAC
   53 #define _POSIX_MAC
   54 #endif
   55 
   56 /*
   57  * MAC framework-related constants and limits.
       *
       * NOTE(review): presumably the two *_NAME limits bound policy and label
       * element name strings, ELEMENT_DATA bounds a single element's value,
       * and LABEL_BUF_LEN bounds a complete text label (the value carried in
       * struct mac.m_buflen).  The code that enforces these limits is not in
       * this header -- confirm there.
   58  */
   59 #define MAC_MAX_POLICY_NAME             32
   60 #define MAC_MAX_LABEL_ELEMENT_NAME      32
   61 #define MAC_MAX_LABEL_ELEMENT_DATA      4096
   62 #define MAC_MAX_LABEL_BUF_LEN           8192
   63 
      /*
       * Label descriptor: a length (m_buflen) and a character pointer
       * (m_string).  It is visible to both userland and the kernel; the kernel
       * prototypes mac_execve_enter(), mac_getsockopt_label(),
       * mac_getsockopt_peerlabel() and mac_setsockopt_label() further down
       * take a struct mac pointer.
       *
       * NOTE(review): presumably m_buflen is the byte size of the buffer that
       * m_string points to, and both fields are caller-controlled whenever the
       * structure originates in userland.  A consumer should reject an
       * m_buflen above MAC_MAX_LABEL_BUF_LEN and copy the string in rather
       * than dereference m_string directly -- verify in the implementation.
       */
   64 struct mac {
   65         size_t           m_buflen;
   66         char            *m_string;
   67 };
   68 
      /*
       * mac_t hides a pointer.  A "const mac_t" parameter therefore makes the
       * pointer itself const, not the struct mac it points to.
       */
   69 typedef struct mac      *mac_t;
   70 
   71 #ifndef _KERNEL
   72 
   73 /*
   74  * Location of the userland MAC framework configuration file.  mac.conf
   75  * binds policy names to shared libraries that understand those policies,
   76  * as well as setting defaults for MAC-aware applications.
       *
       * Because the file names shared libraries, write access to it (and to
       * the libraries it names) should be restricted as tightly as write
       * access to the MAC-aware programs that read it.
   77  */
   78 #define MAC_CONFFILE    "/etc/mac.conf"
   79 
   80 /*
   81  * Extended non-POSIX.1e interfaces that offer additional services
   82  * available from the userland and kernel MAC frameworks.
       *
       * Every function here returns int.
       * NOTE(review): presumably 0 on success and -1 with errno set on
       * failure -- confirm against the manual pages.
       *
       * mac_from_text() and the mac_prepare*() functions take a mac_t *, i.e.
       * they write a label pointer back to the caller.
       * NOTE(review): presumably that label is allocated by the library and
       * released with mac_free(), and the string stored through the char **
       * argument of mac_to_text() is allocated for the caller to free --
       * confirm.
       *
       * mac_t is struct mac *, so the "const mac_t" parameters of
       * mac_set_fd() and mac_set_proc() declare a const pointer; the label
       * contents are not const-qualified.  mac_execve() takes fname as a
       * non-const char *.
   83  */
   84 __BEGIN_DECLS
   85 int      mac_execve(char *fname, char **argv, char **envv, mac_t _label);
   86 int      mac_free(mac_t _label);
   87 int      mac_from_text(mac_t *_label, const char *_text);
   88 int      mac_get_fd(int _fd, mac_t _label);
   89 int      mac_get_file(const char *_path, mac_t _label);
   90 int      mac_get_link(const char *_path, mac_t _label);
   91 int      mac_get_peer(int _fd, mac_t _label);
   92 int      mac_get_pid(pid_t _pid, mac_t _label);
   93 int      mac_get_proc(mac_t _label);
   94 int      mac_is_present(const char *_policyname);
   95 int      mac_prepare(mac_t *_label, const char *_elements);
   96 int      mac_prepare_file_label(mac_t *_label);
   97 int      mac_prepare_ifnet_label(mac_t *_label);
   98 int      mac_prepare_process_label(mac_t *_label);
   99 int      mac_prepare_type(mac_t *_label, const char *_type);
  100 int      mac_set_fd(int _fildes, const mac_t _label);
  101 int      mac_set_file(const char *_path, mac_t _label);
  102 int      mac_set_link(const char *_path, mac_t _label);
  103 int      mac_set_proc(const mac_t _label);
  104 int      mac_syscall(const char *_policyname, int _call, void *_arg);
  105 int      mac_to_text(mac_t mac, char **_text);
  106 __END_DECLS
  107 
  108 #else /* _KERNEL */
  109 
  110 /*
  111  * Kernel functions to manage and evaluate labels.
       *
       * The struct tags below are forward declarations only: they let the
       * prototypes in this section take pointers to these types without
       * including the headers that define them.  "struct inpcb" is declared
       * twice, which is harmless.
       *
       * struct label is used by several prototypes but is not forward-declared
       * in this list.
       * NOTE(review): presumably it comes from <sys/_label.h>, included at the
       * top of this header -- confirm.
  112  */
  113 struct bpf_d;
  114 struct cdev;
  115 struct componentname;
  116 struct devfs_dirent;
  117 struct ifnet;
  118 struct ifreq;
  119 struct inpcb;
  120 struct image_params;
  121 struct inpcb;
  122 struct ipq;
  123 struct ksem;
  124 struct m_tag;
  125 struct mbuf;
  126 struct mount;
  127 struct msg;
  128 struct msqid_kernel;
  129 struct proc;
  130 struct semid_kernel;
  131 struct shmid_kernel;
  132 struct sockaddr;
  133 struct socket;
  134 struct sysctl_oid;
  135 struct sysctl_req;
  136 struct pipepair;
  137 struct thread;
  138 struct timespec;
  139 struct ucred;
  140 struct uio;
  141 struct vattr;
  142 struct vnode;
  143 
  144 #include <sys/acl.h>                    /* XXX acl_type_t */
  145 
  146 struct vop_setlabel_args;
  147 
  148 /*
  149  * Label operations.
       *
       * Three families keyed by object type -- mac_init_*, mac_copy_* and
       * mac_destroy_* -- followed by explicit alloc/free pairs for credential
       * and vnode labels.
       *
       * The init functions for inpcb, ipq, socket, mbuf and mbuf_tag take an
       * extra "int flag" and return int; the others return void.
       * NOTE(review): presumably flag is an allocation wait flag and a
       * non-zero return means the label could not be set up, so callers must
       * check the result before using the object -- confirm.
       *
       * mac_init_mbuf() has no mac_destroy_mbuf() counterpart in this list.
       * NOTE(review): presumably mbuf labels are released through
       * mac_destroy_mbuf_tag() -- confirm.
       *
       * mac_copy_vnode_label() leaves its first parameter unnamed.
       * NOTE(review): presumably source first, destination second, matching
       * mac_copy_mbuf(m_from, m_to) -- confirm.
  150  */
  151 void    mac_init_bpfdesc(struct bpf_d *);
  152 void    mac_init_cred(struct ucred *);
  153 void    mac_init_devfsdirent(struct devfs_dirent *);
  154 void    mac_init_ifnet(struct ifnet *);
  155 int     mac_init_inpcb(struct inpcb *, int flag);
  156 void    mac_init_sysv_msgmsg(struct msg *);
  157 void    mac_init_sysv_msgqueue(struct msqid_kernel*);
  158 void    mac_init_sysv_sem(struct semid_kernel*);
  159 void    mac_init_sysv_shm(struct shmid_kernel*);
  160 int     mac_init_ipq(struct ipq *, int flag);
  161 int     mac_init_socket(struct socket *, int flag);
  162 void    mac_init_pipe(struct pipepair *);
  163 void    mac_init_posix_sem(struct ksem *);
  164 int     mac_init_mbuf(struct mbuf *mbuf, int flag);
  165 int     mac_init_mbuf_tag(struct m_tag *, int flag);
  166 void    mac_init_mount(struct mount *);
  167 void    mac_init_proc(struct proc *);
  168 void    mac_init_vnode(struct vnode *);
  169 void    mac_copy_mbuf(struct mbuf *m_from, struct mbuf *m_to);
  170 void    mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
  171 void    mac_copy_vnode_label(struct label *, struct label *label);
  172 void    mac_destroy_bpfdesc(struct bpf_d *);
  173 void    mac_destroy_cred(struct ucred *);
  174 void    mac_destroy_devfsdirent(struct devfs_dirent *);
  175 void    mac_destroy_ifnet(struct ifnet *);
  176 void    mac_destroy_inpcb(struct inpcb *);
  177 void    mac_destroy_sysv_msgmsg(struct msg *);
  178 void    mac_destroy_sysv_msgqueue(struct msqid_kernel *);
  179 void    mac_destroy_sysv_sem(struct semid_kernel *);
  180 void    mac_destroy_sysv_shm(struct shmid_kernel *);
  181 void    mac_destroy_ipq(struct ipq *);
  182 void    mac_destroy_socket(struct socket *);
  183 void    mac_destroy_pipe(struct pipepair *);
  184 void    mac_destroy_posix_sem(struct ksem *);
  185 void    mac_destroy_proc(struct proc *);
  186 void    mac_destroy_mbuf_tag(struct m_tag *);
  187 void    mac_destroy_mount(struct mount *);
  188 void    mac_destroy_vnode(struct vnode *);
  189 
  190 struct label    *mac_cred_label_alloc(void);
  191 void             mac_cred_label_free(struct label *label);
  192 struct label    *mac_vnode_label_alloc(void);
  193 void             mac_vnode_label_free(struct label *label);
  194 
  195 /*
  196  * Labeling event operations: file system objects, and things that
  197  * look a lot like file system objects.
       *
       * The two *_extattr functions return int; the other hooks in this group
       * return void and so cannot report a failure to the caller.
       * mac_create_devfs_directory() takes the name as a non-const char *
       * with a separate signed length (int dirnamelen).
  198  */
  199 void    mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
  200             struct vnode *vp);
  201 int     mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
  202 void    mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
  203 void    mac_create_devfs_device(struct ucred *cred, struct mount *mp,
  204             struct cdev *dev, struct devfs_dirent *de);
  205 void    mac_create_devfs_directory(struct mount *mp, char *dirname,
  206             int dirnamelen, struct devfs_dirent *de);
  207 void    mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
  208             struct devfs_dirent *dd, struct devfs_dirent *de);
  209 int     mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
  210             struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
  211 void    mac_create_mount(struct ucred *cred, struct mount *mp);
  212 void    mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
  213             struct label *newlabel);
  214 void    mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
  215             struct vnode *vp);
  216 
  217 /*
  218  * Labeling event operations: IPC objects.
  219  */
  220 void    mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
  221 void    mac_create_socket(struct ucred *cred, struct socket *socket);
  222 void    mac_create_socket_from_socket(struct socket *oldsocket,
  223             struct socket *newsocket);
  224 void    mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
  225             struct socket *socket);
  226 void    mac_set_socket_peer_from_socket(struct socket *oldsocket,
  227             struct socket *newsocket);
  228 void    mac_create_pipe(struct ucred *cred, struct pipepair *pp);
  229 
  230 /*
  231  * Labeling event operations: System V IPC primitives
  232  */
  233 void    mac_create_sysv_msgmsg(struct ucred *cred,
  234             struct msqid_kernel *msqkptr, struct msg *msgptr);
  235 void    mac_create_sysv_msgqueue(struct ucred *cred,
  236             struct msqid_kernel *msqkptr);
  237 void    mac_create_sysv_sem(struct ucred *cred,
  238             struct semid_kernel *semakptr);
  239 void    mac_create_sysv_shm(struct ucred *cred,
  240             struct shmid_kernel *shmsegptr);
  241 
  242 /*
  243  * Labeling event operations: POSIX (global/inter-process) semaphores.
  244  */
  245 void    mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr);
  246 
  247 
  248 /*
  249  * Labeling event operations: network objects.
       *
       * mac_fragment_match() is the only function in this group that returns
       * a value.
       * NOTE(review): presumably non-zero means the fragment may be
       * reassembled into the given queue -- confirm.
  250  */
  251 void    mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
  252 void    mac_create_ifnet(struct ifnet *ifp);
  253 void    mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp);
  254 void    mac_create_ipq(struct mbuf *fragment, struct ipq *ipq);
  255 void    mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
  256 void    mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment);
  257 void    mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m);
  258 void    mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m);
  259 void    mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
  260 void    mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
  261 void    mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
  262             struct ifnet *ifnet, struct mbuf *newmbuf);
  263 void    mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf);
  264 int     mac_fragment_match(struct mbuf *fragment, struct ipq *ipq);
  265 void    mac_reflect_mbuf_icmp(struct mbuf *m);
  266 void    mac_reflect_mbuf_tcp(struct mbuf *m);
  267 void    mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
  268 void    mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
  269 
      /* Still a network-object (mbuf) hook, declared just above the process heading. */
  270 void    mac_create_mbuf_from_firewall(struct mbuf *m);
  271 /*
  272  * Labeling event operations: processes.
       *
       * mac_execve_enter() and mac_execve_will_transition() return int; the
       * rest return void.  mac_execve_enter() receives a struct mac pointer
       * (mac_p).
       * NOTE(review): presumably mac_p is the label a caller handed to
       * mac_execve(), i.e. userland-controlled, and must be copied in and
       * validated before it influences the credential produced by
       * mac_execve_transition() -- confirm in the implementation.
  273  */
  274 void    mac_copy_cred(struct ucred *cr1, struct ucred *cr2);
  275 int     mac_execve_enter(struct image_params *imgp, struct mac *mac_p);
  276 void    mac_execve_exit(struct image_params *imgp);
  277 void    mac_execve_transition(struct ucred *old, struct ucred *new,
  278             struct vnode *vp, struct label *interpvnodelabel,
  279             struct image_params *imgp);
  280 int     mac_execve_will_transition(struct ucred *old, struct vnode *vp,
  281             struct label *interpvnodelabel, struct image_params *imgp);
  282 void    mac_create_proc0(struct ucred *cred);
  283 void    mac_create_proc1(struct ucred *cred);
  284 void    mac_thread_userret(struct thread *td);
  285 
  286 /*
  287  * Label cleanup operation: This is the inverse complement for the
  288  * mac_create and associate type of hooks. This hook lets the policy
  289  * module(s) perform a cleanup/flushing operation on the label
  290  * associated with the objects, without freeing up the space allocated.
  291  * This hook is useful in cases where it is desirable to remove any
  292  * labeling reference when recycling any object to a pool. This hook
  293  * does not replace the mac_destroy hooks.
       *
       * Cleanup hooks are declared here only for the four System V IPC object
       * types (message, message queue, semaphore set, shared memory segment).
       * They return void, so a policy cannot signal a failed cleanup.
  294  */
  295 void    mac_cleanup_sysv_msgmsg(struct msg *msgptr);
  296 void    mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr);
  297 void    mac_cleanup_sysv_sem(struct semid_kernel *semakptr);
  298 void    mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
  299 
  300 /* Access control checks. */
      /*
       * Every mac_check_*() entry point returns int.
       * NOTE(review): presumably 0 permits the operation and a non-zero errno
       * value denies it, so a caller that ignores the result bypasses the
       * policy decision -- confirm the convention in the implementation.
       *
       * Most checks take the subject credential first.  Exceptions visible
       * here: the mac_check_proc_set*() family takes (proc, cred, ...), and
       * mac_check_ifnet_transmit(), mac_check_inpcb_deliver(),
       * mac_check_socket_deliver() and mac_check_bpfdesc_receive() take no
       * credential at all.
       */
  301 int     mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
  302 int     mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
  303 int     mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
  304 int     mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
  305 int     mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
  306             struct msqid_kernel *msqkptr);
  307 int     mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr);
  308 int     mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr);
  309 int     mac_check_sysv_msqget(struct ucred *cred,
  310             struct msqid_kernel *msqkptr);
  311 int     mac_check_sysv_msqsnd(struct ucred *cred,
  312             struct msqid_kernel *msqkptr);
  313 int     mac_check_sysv_msqrcv(struct ucred *cred,
  314             struct msqid_kernel *msqkptr);
  315 int     mac_check_sysv_msqctl(struct ucred *cred,
  316             struct msqid_kernel *msqkptr, int cmd);
  317 int     mac_check_sysv_semctl(struct ucred *cred,
  318             struct semid_kernel *semakptr, int cmd);
  319 int     mac_check_sysv_semget(struct ucred *cred,
  320            struct semid_kernel *semakptr);
  321 int     mac_check_sysv_semop(struct ucred *cred,struct semid_kernel *semakptr,
  322             size_t accesstype);
  323 int     mac_check_sysv_shmat(struct ucred *cred,
  324             struct shmid_kernel *shmsegptr, int shmflg);
  325 int     mac_check_sysv_shmctl(struct ucred *cred,
  326             struct shmid_kernel *shmsegptr, int cmd);
  327 int     mac_check_sysv_shmdt(struct ucred *cred,
  328             struct shmid_kernel *shmsegptr);
  329 int     mac_check_sysv_shmget(struct ucred *cred,
  330             struct shmid_kernel *shmsegptr, int shmflg);
      /* The kenv checks take name and value as non-const char *. */
  331 int     mac_check_kenv_dump(struct ucred *cred);
  332 int     mac_check_kenv_get(struct ucred *cred, char *name);
  333 int     mac_check_kenv_set(struct ucred *cred, char *name, char *value);
  334 int     mac_check_kenv_unset(struct ucred *cred, char *name);
  335 int     mac_check_kld_load(struct ucred *cred, struct vnode *vp);
  336 int     mac_check_kld_stat(struct ucred *cred);
  337 int     mac_check_kld_unload(struct ucred *cred);
  338 int     mac_check_mount_stat(struct ucred *cred, struct mount *mp);
  339 int     mac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
  340             unsigned long cmd, void *data);
  341 int     mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp);
  342 int     mac_check_pipe_read(struct ucred *cred, struct pipepair *pp);
  343 int     mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp);
  344 int     mac_check_pipe_write(struct ucred *cred, struct pipepair *pp);
  345 int     mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr);
  346 int     mac_check_posix_sem_getvalue(struct ucred *cred,struct ksem *ksemptr);
  347 int     mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr);
  348 int     mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr);
  349 int     mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr);
  350 int     mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr);
  351 int     mac_check_proc_debug(struct ucred *cred, struct proc *proc);
  352 int     mac_check_proc_sched(struct ucred *cred, struct proc *proc);
      /*
       * Credential-changing checks: the process comes first, then the
       * credential, then the requested IDs.
       */
  353 int     mac_check_proc_setuid(struct proc *proc,  struct ucred *cred,
  354             uid_t uid);
  355 int     mac_check_proc_seteuid(struct proc *proc, struct ucred *cred,
  356             uid_t euid);
  357 int     mac_check_proc_setgid(struct proc *proc, struct ucred *cred,
  358             gid_t gid);
  359 int     mac_check_proc_setegid(struct proc *proc, struct ucred *cred,
  360             gid_t egid);
  361 int     mac_check_proc_setgroups(struct proc *proc, struct ucred *cred,
  362             int ngroups, gid_t *gidset);
  363 int     mac_check_proc_setreuid(struct proc *proc, struct ucred *cred,
  364             uid_t ruid, uid_t euid);
  365 int     mac_check_proc_setregid(struct proc *proc, struct ucred *cred,
  366             gid_t rgid, gid_t egid);
  367 int     mac_check_proc_setresuid(struct proc *proc, struct ucred *cred,
  368             uid_t ruid, uid_t euid, uid_t suid);
  369 int     mac_check_proc_setresgid(struct proc *proc, struct ucred *cred,
  370             gid_t rgid, gid_t egid, gid_t sgid);
  371 int     mac_check_proc_signal(struct ucred *cred, struct proc *proc,
  372             int signum);
  373 int     mac_check_proc_wait(struct ucred *cred, struct proc *proc);
  374 int     mac_check_socket_accept(struct ucred *cred, struct socket *so);
  375 int     mac_check_socket_bind(struct ucred *cred, struct socket *so,
  376             struct sockaddr *sockaddr);
  377 int     mac_check_socket_connect(struct ucred *cred, struct socket *so,
  378             struct sockaddr *sockaddr);
  379 int     mac_check_socket_create(struct ucred *cred, int domain, int type,
  380             int protocol);
  381 int     mac_check_socket_deliver(struct socket *so, struct mbuf *m);
  382 int     mac_check_socket_listen(struct ucred *cred, struct socket *so);
  383 int     mac_check_socket_poll(struct ucred *cred, struct socket *so);
  384 int     mac_check_socket_receive(struct ucred *cred, struct socket *so);
  385 int     mac_check_socket_send(struct ucred *cred, struct socket *so);
  386 int     mac_check_socket_stat(struct ucred *cred, struct socket *so);
  387 int     mac_check_socket_visible(struct ucred *cred, struct socket *so);
  388 int     mac_check_sysarch_ioperm(struct ucred *cred);
  389 int     mac_check_system_acct(struct ucred *cred, struct vnode *vp);
  390 int     mac_check_system_nfsd(struct ucred *cred);
  391 int     mac_check_system_reboot(struct ucred *cred, int howto);
  392 int     mac_check_system_settime(struct ucred *cred);
  393 int     mac_check_system_swapon(struct ucred *cred, struct vnode *vp);
  394 int     mac_check_system_swapoff(struct ucred *cred, struct vnode *vp);
  395 int     mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
  396             void *arg1, int arg2, struct sysctl_req *req);
      /*
       * Vnode checks.  poll, read, stat and write take two credentials
       * (active_cred and file_cred); the others take one.
       * NOTE(review): presumably active_cred is the credential of the thread
       * making the call and file_cred the one recorded when the file was
       * opened -- confirm.
       */
  397 int     mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
  398             int acc_mode);
  399 int     mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
  400 int     mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
  401 int     mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
  402             struct componentname *cnp, struct vattr *vap);
  403 int     mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
  404             struct vnode *vp, struct componentname *cnp);
  405 int     mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
  406             acl_type_t type);
  407 int     mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
  408             int attrnamespace, const char *name);
  409 int     mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
  410             struct image_params *imgp);
  411 int     mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
  412             acl_type_t type);
  413 int     mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
  414             int attrnamespace, const char *name, struct uio *uio);
  415 int     mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
  416             struct vnode *vp, struct componentname *cnp);
  417 int     mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
  418             int attrnamespace);
  419 int     mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
  420             struct componentname *cnp);
  421 int     mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
  422             int prot, int flags);
  423 int     mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
  424             int prot);
  425 int     mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
  426             int acc_mode);
  427 int     mac_check_vnode_poll(struct ucred *active_cred,
  428             struct ucred *file_cred, struct vnode *vp);
  429 int     mac_check_vnode_read(struct ucred *active_cred,
  430             struct ucred *file_cred, struct vnode *vp);
  431 int     mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
  432 int     mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
  433 int     mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
  434             struct vnode *vp, struct componentname *cnp);
  435 int     mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
  436             struct vnode *vp, int samedir, struct componentname *cnp);
  437 int     mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp);
  438 int     mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
  439             acl_type_t type, struct acl *acl);
  440 int     mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
  441             int attrnamespace, const char *name, struct uio *uio);
  442 int     mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
  443             u_long flags);
  444 int     mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
  445             mode_t mode);
  446 int     mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
  447             uid_t uid, gid_t gid);
  448 int     mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
  449             struct timespec atime, struct timespec mtime);
  450 int     mac_check_vnode_stat(struct ucred *active_cred,
  451             struct ucred *file_cred, struct vnode *vp);
  452 int     mac_check_vnode_write(struct ucred *active_cred,
  453             struct ucred *file_cred, struct vnode *vp);
      /*
       * The remaining declarations are not mac_check_*() hooks: they get or
       * set labels on sockets, interfaces and pipes, or adjust credential
       * state.  The socket-option functions take a struct mac pointer
       * (extmac) and the ifnet ioctls a struct ifreq pointer.
       * NOTE(review): presumably extmac and ifr describe userland buffers, so
       * the length and pointer they carry need validation before use --
       * confirm in the implementation.
       */
  454 int     mac_getsockopt_label(struct ucred *cred, struct socket *so,
  455             struct mac *extmac);
  456 int     mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
  457             struct mac *extmac);
  458 int     mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
  459             struct ifnet *ifnet);
  460 int     mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
  461             struct ifnet *ifnet);
  462 int     mac_setsockopt_label(struct ucred *cred, struct socket *so,
  463             struct mac *extmac);
  464 int     mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
  465             struct label *label);
  466 void    mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
  467 void    mac_associate_nfsd_label(struct ucred *cred);
  468 
  469 /*
  470  * Calls to help various file systems implement labeling functionality
  471  * using their existing EA implementation.
       *
       * vop_stdsetlabel_ea() takes a pointer to struct vop_setlabel_args, which
       * this header only forward-declares, and returns int.
       * NOTE(review): presumably an errno-style result that the file system
       * must propagate rather than ignore -- confirm.
  472  */
  473 int     vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
  474 
  475 #endif /* !_KERNEL */
  476 
  477 #endif /* !_SYS_MAC_H_ */




