/*
 * MAC wrapper for the proc_check_getlcid policy hook.
 *
 * The enforcement gate is evaluated against p0; p0, p and pid are then
 * forwarded unchanged to MAC_CHECK.  Unlike the credential-based checks in
 * this file, no kauth credential reference is taken here: the process
 * pointers themselves are handed to the policy hook.
 *
 * Returns 0 without consulting any policy when mac_proc_enforce is zero or
 * mac_proc_check_enforce(p0, MAC_PROC_ENFORCE) reports false; otherwise
 * returns the value MAC_CHECK leaves in `error`.
 */
int
mac_proc_check_getlcid(struct proc *p0, struct proc *p, pid_t pid)
{
	/*
	 * NOTE(review): `error` has no initializer, so the return value
	 * relies on MAC_CHECK assigning it on every path -- confirm against
	 * the macro definition.
	 */
	int error;

	if (!mac_proc_enforce)
		return 0;
	if (!mac_proc_check_enforce(p0, MAC_PROC_ENFORCE))
		return 0;

	MAC_CHECK(proc_check_getlcid, p0, p, pid);
	return error;
}
/*
 * MAC wrapper for the proc_check_fork policy hook.
 *
 * curp is the process the gate is evaluated against and whose credential
 * is referenced for the check; both the credential and curp are forwarded
 * to MAC_CHECK.
 *
 * Returns 0 without consulting any policy when mac_proc_enforce is zero or
 * mac_proc_check_enforce(curp, MAC_PROC_ENFORCE) reports false; otherwise
 * returns the value MAC_CHECK leaves in `error`.
 */
int
mac_proc_check_fork(proc_t curp)
{
	kauth_cred_t cred;
	/*
	 * NOTE(review): `error` has no initializer, so the return value
	 * relies on MAC_CHECK assigning it on every path -- confirm against
	 * the macro definition.
	 */
	int error;

	if (!mac_proc_enforce)
		return 0;
	if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
		return 0;

	/*
	 * The credential reference is held only for the duration of the
	 * policy call and released on the single exit path below; this
	 * assumes MAC_CHECK never leaves the function early -- confirm.
	 */
	cred = kauth_cred_proc_ref(curp);
	MAC_CHECK(proc_check_fork, cred, curp);
	kauth_cred_unref(&cred);

	return error;
}
/*
 * MAC wrapper for the proc_check_ledger policy hook.
 *
 * The gate and the credential both come from curp (the caller's side of
 * the operation); proc and ledger_op are forwarded to MAC_CHECK together
 * with that credential.
 *
 * Returns 0 without consulting any policy when mac_proc_enforce is zero or
 * mac_proc_check_enforce(curp, MAC_PROC_ENFORCE) reports false; otherwise
 * returns the value of `error` after MAC_CHECK has run.
 */
int
mac_proc_check_ledger(proc_t curp, proc_t proc, int ledger_op)
{
	kauth_cred_t cred;
	int error = 0;	/* explicit default in case MAC_CHECK leaves it untouched */

	if (!mac_proc_enforce)
		return 0;
	if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
		return 0;

	/*
	 * The credential reference is held only for the duration of the
	 * policy call and released on the single exit path below; this
	 * assumes MAC_CHECK never leaves the function early -- confirm.
	 */
	cred = kauth_cred_proc_ref(curp);
	MAC_CHECK(proc_check_ledger, cred, proc, ledger_op);
	kauth_cred_unref(&cred);

	return error;
}
/*
 * MAC wrapper for the proc_check_mprotect policy hook.
 *
 * This check is gated on the VM enforcement switches (mac_vm_enforce and
 * MAC_VM_ENFORCE), not the process ones.  The credential is referenced
 * from proc, and proc, addr, size and prot are forwarded to MAC_CHECK
 * unchanged.
 *
 * Returns 0 without consulting any policy when mac_vm_enforce is zero or
 * mac_proc_check_enforce(proc, MAC_VM_ENFORCE) reports false; otherwise
 * returns the value MAC_CHECK leaves in `error`.
 */
int
mac_proc_check_mprotect(proc_t proc, user_addr_t addr, user_size_t size,
    int prot)
{
	kauth_cred_t cred;
	/*
	 * NOTE(review): `error` has no initializer, so the return value
	 * relies on MAC_CHECK assigning it on every path -- confirm against
	 * the macro definition.
	 */
	int error;

	if (!mac_vm_enforce)
		return 0;
	if (!mac_proc_check_enforce(proc, MAC_VM_ENFORCE))
		return 0;

	/*
	 * The credential reference is held only for the duration of the
	 * policy call and released on the single exit path below; this
	 * assumes MAC_CHECK never leaves the function early -- confirm.
	 */
	cred = kauth_cred_proc_ref(proc);
	MAC_CHECK(proc_check_mprotect, cred, proc, addr, size, prot);
	kauth_cred_unref(&cred);

	return error;
}
/*
 * MAC wrapper for the proc_check_map_anon policy hook.
 *
 * The type of maxprot in proc_check_map_anon must be equivalent to
 * vm_prot_t (defined in <mach/vm_prot.h>).  mac_policy.h does not include
 * any header files, so cannot use the typedef itself.
 *
 * This check is gated on the VM enforcement switches (mac_vm_enforce and
 * MAC_VM_ENFORCE).  Note the argument order handed to MAC_CHECK: proc comes
 * before the credential here, followed by u_addr, u_size, prot, flags and
 * the maxprot pointer, all passed through unchanged.
 *
 * Returns 0 without consulting any policy when mac_vm_enforce is zero or
 * mac_proc_check_enforce(proc, MAC_VM_ENFORCE) reports false; otherwise
 * returns the value MAC_CHECK leaves in `error`.
 */
int
mac_proc_check_map_anon(proc_t proc, user_addr_t u_addr,
    user_size_t u_size, int prot, int flags, int *maxprot)
{
	kauth_cred_t cred;
	/*
	 * NOTE(review): `error` has no initializer, so the return value
	 * relies on MAC_CHECK assigning it on every path -- confirm against
	 * the macro definition.
	 */
	int error;

	if (!mac_vm_enforce)
		return 0;
	if (!mac_proc_check_enforce(proc, MAC_VM_ENFORCE))
		return 0;

	/*
	 * The credential reference is held only for the duration of the
	 * policy call and released on the single exit path below; this
	 * assumes MAC_CHECK never leaves the function early -- confirm.
	 */
	cred = kauth_cred_proc_ref(proc);
	MAC_CHECK(proc_check_map_anon, proc, cred, u_addr, u_size, prot, flags,
	    maxprot);
	kauth_cred_unref(&cred);

	return error;
}
/*
 * MAC wrapper for the proc_check_signal policy hook.
 *
 * The gate and the credential both come from curp (the sending side as
 * seen by this function); proc and signum are forwarded to MAC_CHECK
 * together with that credential.
 *
 * Returns 0 without consulting any policy when mac_proc_enforce is zero or
 * mac_proc_check_enforce(curp, MAC_PROC_ENFORCE) reports false; otherwise
 * returns the value MAC_CHECK leaves in `error`.
 */
int
mac_proc_check_signal(proc_t curp, struct proc *proc, int signum)
{
	kauth_cred_t cred;
	/*
	 * NOTE(review): `error` has no initializer, so the return value
	 * relies on MAC_CHECK assigning it on every path -- confirm against
	 * the macro definition.
	 */
	int error;

	if (!mac_proc_enforce)
		return 0;
	if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
		return 0;

	/*
	 * The credential reference is held only for the duration of the
	 * policy call and released on the single exit path below; this
	 * assumes MAC_CHECK never leaves the function early -- confirm.
	 */
	cred = kauth_cred_proc_ref(curp);
	MAC_CHECK(proc_check_signal, cred, proc, signum);
	kauth_cred_unref(&cred);

	return error;
}