/*
 * MAC entry point for the cred_check_setauid check.  Passes the subject
 * credential and the requested auid to the policy check macro and returns
 * the result.
 *
 * error has no explicit assignment in this function;
 * MAC_POLICY_CHECK_NOSLEEP (defined outside this listing) is expected to
 * store the policy result in it -- confirm against the macro.
 */
int
mac_cred_check_setauid(struct ucred *cred, uid_t auid)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(cred_check_setauid, cred, auid);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(cred_check_setauid, error, cred, auid);

	return (error);
}
/*
 * Restrict access to a privilege for a credential.  Return failure if any
 * policy denies access.
 *
 * cred is the subject credential and priv the privilege being requested;
 * both are passed unchanged to the priv_check policy hook.  error has no
 * explicit assignment here; MAC_POLICY_CHECK_NOSLEEP (defined outside this
 * listing) is expected to set it -- confirm against the macro.
 */
int
mac_priv_check(struct ucred *cred, int priv)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(priv_check, cred, priv);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(priv_check, error, cred, priv);

	return (error);
}
/*
 * MAC entry point for the cred_check_setaudit check.  Passes the subject
 * credential and the proposed struct auditinfo to the policy check macro
 * and returns the result.
 *
 * ai is forwarded as-is; nothing here validates or copies it, so it is
 * presumably already a kernel copy -- confirm against the caller.
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing).
 */
int
mac_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(cred_check_setaudit, cred, ai);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(cred_check_setaudit, error, cred, ai);

	return (error);
}
/*
 * MAC entry point for the cred_check_setaudit_addr check.  Same shape as
 * mac_cred_check_setaudit(), but the proposed audit state is carried in a
 * struct auditinfo_addr.
 *
 * aia is forwarded as-is; nothing here validates or copies it.  error is
 * expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside this
 * listing) -- confirm against the macro.
 */
int
mac_cred_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(cred_check_setaudit_addr, cred, aia);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(cred_check_setaudit_addr, error, cred, aia);

	return (error);
}
/*
 * MAC entry point for the posixshm_check_create check.  Passes the subject
 * credential and the object path to the policy check macro and returns the
 * result.
 *
 * No label is passed: only cred and path reach the policies.  path is
 * handed over as a const string and is not inspected here.  error is
 * expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside this
 * listing) -- confirm against the macro.
 */
int
mac_posixshm_check_create(struct ucred *cred, const char *path)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_create, cred, path);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(posixshm_check_create, error, cred, path);

	return (error);
}
/*
 * MAC entry point for the system_check_auditon check.  Passes the subject
 * credential and the command code cmd to the policy check macro and
 * returns the result.
 *
 * Policies see only the command number, not any argument data that may
 * accompany it.  error is expected to be set by MAC_POLICY_CHECK_NOSLEEP
 * (defined outside this listing) -- confirm against the macro.
 */
int
mac_system_check_auditon(struct ucred *cred, int cmd)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(system_check_auditon, cred, cmd);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(system_check_auditon, error, cred, cmd);

	return (error);
}
/*
 * MAC entry point for the socket_check_stat check.  Passes the subject
 * credential, the socket and the socket's label to the policy check macro
 * and returns the result.
 *
 * NOTE(review): so is dereferenced for so_label without a NULL check or a
 * visible lock assertion; whether callers must hold a socket lock to keep
 * the label stable is not shown here -- confirm.
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing).
 */
int
mac_socket_check_stat(struct ucred *cred, struct socket *so)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(socket_check_stat, cred, so, so->so_label);
	/* The probe receives the socket but not its label. */
	MAC_CHECK_PROBE2(socket_check_stat, error, cred, so);

	return (error);
}
/*
 * MAC entry point for the system_check_reboot check.  Passes the subject
 * credential and the howto flags to the policy check macro and returns the
 * result.
 *
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing) -- confirm against the macro.
 */
int
mac_system_check_reboot(struct ucred *cred, int howto)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(system_check_reboot, cred, howto);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(system_check_reboot, error, cred, howto);

	return (error);
}
/*
 * MAC entry point for the kenv_check_get check.  Passes the subject
 * credential and the variable name to the policy check macro and returns
 * the result.
 *
 * NOTE(review): name is a non-const char *, so a policy could modify it;
 * nothing in this function writes through it.  error is expected to be set
 * by MAC_POLICY_CHECK_NOSLEEP (defined outside this listing).
 */
int
mac_kenv_check_get(struct ucred *cred, char *name)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(kenv_check_get, cred, name);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(kenv_check_get, error, cred, name);

	return (error);
}
/*
 * MAC entry point for the cred_check_visible check.  Passes two
 * credentials, cr1 then cr2, to the policy check macro and returns the
 * result.
 *
 * The check is directional: the arguments are forwarded in the order
 * given, so callers must not swap them.  Presumably cr1 is the observing
 * subject and cr2 the credential being observed -- confirm against the
 * policy interface.  error is expected to be set by
 * MAC_POLICY_CHECK_NOSLEEP (defined outside this listing).
 */
int
mac_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(cred_check_visible, cr1, cr2);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(cred_check_visible, error, cr1, cr2);

	return (error);
}
/*
 * MAC entry point for the cred_check_relabel check.  Passes the subject
 * credential and the proposed new label to the policy check macro and
 * returns the result.
 *
 * This function only asks the question; it does not apply newlabel to
 * cred.  error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined
 * outside this listing) -- confirm against the macro.
 */
int
mac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(cred_check_relabel, cred, newlabel);
	/* Must follow the check: the probe macro is handed error. */
	MAC_CHECK_PROBE2(cred_check_relabel, error, cred, newlabel);

	return (error);
}
/*
 * MAC entry point for the sysvmsq_check_msqrcv check.  Passes the subject
 * credential, the message queue and the queue's label to the policy check
 * macro and returns the result.
 *
 * NOTE(review): msqkptr is dereferenced for its label with no NULL check
 * or lock assertion visible here; the caller is presumably responsible for
 * both -- confirm.  error is expected to be set by
 * MAC_POLICY_CHECK_NOSLEEP (defined outside this listing).
 */
int
mac_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvmsq_check_msqrcv, cred, msqkptr,
	    msqkptr->label);
	/* The probe receives the queue but not its label. */
	MAC_CHECK_PROBE2(sysvmsq_check_msqrcv, error, cred, msqkptr);

	return (error);
}
/*
 * MAC entry point for the posixshm_check_unlink check.  Passes the subject
 * credential, the shared memory descriptor and its shm_label to the policy
 * check macro and returns the result.
 *
 * NOTE(review): shmfd is dereferenced for shm_label with no NULL check
 * visible here; the caller is presumably responsible -- confirm.
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing).
 */
int
mac_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_unlink, cred, shmfd,
	    shmfd->shm_label);
	/* The probe receives the descriptor but not its label. */
	MAC_CHECK_PROBE2(posixshm_check_unlink, error, cred, shmfd);

	return (error);
}
/*
 * MAC entry point for the sysvmsq_check_msgrmid check.  Unlike the
 * queue-level checks, the object here is an individual message: the
 * subject credential, the struct msg and the message's own label are
 * passed to the policy check macro.
 *
 * NOTE(review): msgptr is dereferenced for its label with no NULL check
 * visible here; the caller is presumably responsible -- confirm.
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing).
 */
int
mac_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvmsq_check_msgrmid, cred, msgptr,
	    msgptr->label);
	/* The probe receives the message but not its label. */
	MAC_CHECK_PROBE2(sysvmsq_check_msgrmid, error, cred, msgptr);

	return (error);
}
/*
 * MAC entry point for the sysvshm_check_shmdt check.  Passes the subject
 * credential, the shared memory segment and the segment's label to the
 * policy check macro and returns the result.
 *
 * NOTE(review): shmsegptr is dereferenced for its label with no NULL check
 * visible here; the caller is presumably responsible -- confirm.
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing).
 */
int
mac_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvshm_check_shmdt, cred, shmsegptr,
	    shmsegptr->label);
	/* The probe receives the segment but not its label. */
	MAC_CHECK_PROBE2(sysvshm_check_shmdt, error, cred, shmsegptr);

	return (error);
}
/*
 * MAC entry point for the proc_check_wait check.  Passes the subject
 * credential and the target process to the policy check macro and returns
 * the result.
 *
 * Locking: the caller must hold the process lock on p; this is asserted
 * below.  The process is passed without a separate label argument.
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing) -- confirm against the macro.
 */
int
mac_proc_check_wait(struct ucred *cred, struct proc *p)
{
	int error;

	/* Target process must stay locked across the policy decision. */
	PROC_LOCK_ASSERT(p, MA_OWNED);

	/* _NOSLEEP form, in keeping with the mutex asserted above. */
	MAC_POLICY_CHECK_NOSLEEP(proc_check_wait, cred, p);
	MAC_CHECK_PROBE2(proc_check_wait, error, cred, p);

	return (error);
}
/*
 * MAC entry point for the system_check_swapoff check.  Passes the subject
 * credential, the vnode and the vnode's label to the policy check macro
 * and returns the result.
 *
 * Locking: the caller must hold the vnode lock on vp; this is asserted
 * below, so the label that policies examine belongs to a vnode that cannot
 * change underneath the check.  vp is dereferenced unconditionally and so
 * must not be NULL.  This function uses MAC_POLICY_CHECK rather than the
 * _NOSLEEP form.  error is expected to be set by that macro (defined
 * outside this listing) -- confirm.
 */
int
mac_system_check_swapoff(struct ucred *cred, struct vnode *vp)
{
	int error;

	ASSERT_VOP_LOCKED(vp, "mac_system_check_swapoff");

	MAC_POLICY_CHECK(system_check_swapoff, cred, vp, vp->v_label);
	/* The probe receives the vnode but not its label. */
	MAC_CHECK_PROBE2(system_check_swapoff, error, cred, vp);

	return (error);
}
/*
 * MAC entry point for the kld_check_load check.  Passes the subject
 * credential, the vnode and the vnode's label to the policy check macro
 * and returns the result.
 *
 * Locking: the caller must hold the vnode lock on vp; this is asserted
 * below.  The decision is made on the label of this specific vnode, so
 * callers should load from the same locked vnode that was checked rather
 * than re-resolving a path afterwards (NOTE(review): caller behaviour is
 * not visible here -- confirm).  vp is dereferenced unconditionally and so
 * must not be NULL.  error is expected to be set by MAC_POLICY_CHECK
 * (defined outside this listing).
 */
int
mac_kld_check_load(struct ucred *cred, struct vnode *vp)
{
	int error;

	ASSERT_VOP_LOCKED(vp, "mac_kld_check_load");

	MAC_POLICY_CHECK(kld_check_load, cred, vp, vp->v_label);
	/* The probe receives the vnode but not its label. */
	MAC_CHECK_PROBE2(kld_check_load, error, cred, vp);

	return (error);
}
/*
 * MAC entry point for the pipe_check_write check.  Passes the subject
 * credential, the pipe pair and the pair's pp_label to the policy check
 * macro and returns the result.
 *
 * Locking: the caller must hold the pipe pair mutex (pp->pp_mtx); this is
 * asserted below.  The label lives on the pipepair, so both ends of the
 * pipe are checked against the same label.  error is expected to be set by
 * MAC_POLICY_CHECK_NOSLEEP (defined outside this listing) -- confirm.
 */
int
mac_pipe_check_write(struct ucred *cred, struct pipepair *pp)
{
	int error;

	mtx_assert(&pp->pp_mtx, MA_OWNED);

	/* _NOSLEEP form, in keeping with the mutex asserted above. */
	MAC_POLICY_CHECK_NOSLEEP(pipe_check_write, cred, pp, pp->pp_label);
	MAC_CHECK_PROBE2(pipe_check_write, error, cred, pp);

	return (error);
}
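/*
 * MAC entry point for the system_check_auditctl check.  Passes the subject
 * credential, the vnode and the vnode's label to the policy check macro
 * and returns the result.
 *
 * vp may be NULL, in which case policies receive a NULL vnode and a NULL
 * label.  When vp is non-NULL the caller must hold its vnode lock.
 * error has no explicit assignment here; MAC_POLICY_CHECK (defined outside
 * this listing) is expected to set it -- confirm against the macro.
 */
int
mac_system_check_auditctl(struct ucred *cred, struct vnode *vp)
{
	int error;
	struct label *vl;

	/*
	 * Assert the lock only when there is a vnode, as
	 * mac_system_check_acct() does, instead of relying on
	 * ASSERT_VOP_LOCKED() tolerating a NULL argument.
	 */
	if (vp != NULL) {
		ASSERT_VOP_LOCKED(vp, "mac_system_check_auditctl");
		vl = vp->v_label;
	} else {
		vl = NULL;
	}

	MAC_POLICY_CHECK(system_check_auditctl, cred, vp, vl);
	/* The probe receives the vnode (possibly NULL) but not its label. */
	MAC_CHECK_PROBE2(system_check_auditctl, error, cred, vp);

	return (error);
}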
/*
 * MAC entry point for the system_check_acct check.  Passes the subject
 * credential, the vnode and the vnode's label to the policy check macro
 * and returns the result.
 *
 * vp may be NULL, in which case policies receive a NULL vnode and a NULL
 * label.  When vp is non-NULL the caller must hold its vnode lock, which
 * is asserted below.  error is expected to be set by MAC_POLICY_CHECK
 * (defined outside this listing) -- confirm against the macro.
 */
int
mac_system_check_acct(struct ucred *cred, struct vnode *vp)
{
	int error;

	/* Lock assertion only makes sense when a vnode was supplied. */
	if (vp != NULL) {
		ASSERT_VOP_LOCKED(vp, "mac_system_check_acct");
	}

	/* Policies must cope with vp == NULL and a NULL label. */
	MAC_POLICY_CHECK(system_check_acct, cred, vp,
	    vp != NULL ? vp->v_label : NULL);
	MAC_CHECK_PROBE2(system_check_acct, error, cred, vp);

	return (error);
}
/*
 * MAC entry point for the socket_check_deliver check.  Passes the socket,
 * the socket's label, the mbuf and the mbuf's label to the policy check
 * macro and returns the result.  There is no credential argument: the
 * socket and the mbuf are the two parties to the check.
 *
 * Returns 0 immediately when no policies are registered
 * (mac_policy_count == 0); in that case neither label is looked up and the
 * probe macro is not reached.
 *
 * NOTE(review): no socket lock assertion is visible here; whether callers
 * must hold one to keep so_label stable is not shown -- confirm.
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing).
 */
int
mac_socket_check_deliver(struct socket *so, struct mbuf *m)
{
	struct label *label;
	int error;

	/* Fast path: nothing to enforce without a loaded policy. */
	if (mac_policy_count == 0)
		return (0);

	/* Result is not checked here and is passed to policies as-is. */
	label = mac_mbuf_to_label(m);

	MAC_POLICY_CHECK_NOSLEEP(socket_check_deliver, so, so->so_label, m,
	    label);
	MAC_CHECK_PROBE2(socket_check_deliver, error, so, m);

	return (error);
}
/*
 * MAC entry point for the bpfdesc_check_receive check.  Passes the BPF
 * descriptor, its bd_label, the interface and its if_label to the policy
 * check macro and returns the result.
 *
 * Locking: the caller must satisfy BPFD_LOCK_ASSERT(d).  The interface is
 * locked with MAC_IFNET_LOCK around the check and the probe, presumably so
 * that ifp->if_label cannot change while policies read it -- confirm.
 *
 * Returns 0 immediately when no policies are registered
 * (mac_policy_count == 0), before the interface lock is taken.
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing).
 */
int
mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp)
{
	int error;

	/* Asserted even on the fast path below. */
	BPFD_LOCK_ASSERT(d);

	/* Fast path: nothing to enforce without a loaded policy. */
	if (mac_policy_count == 0)
		return (0);

	MAC_IFNET_LOCK(ifp);
	MAC_POLICY_CHECK_NOSLEEP(bpfdesc_check_receive, d, d->bd_label, ifp,
	    ifp->if_label);
	MAC_CHECK_PROBE2(bpfdesc_check_receive, error, d, ifp);
	/* Single exit after the lock is taken, so it is always released. */
	MAC_IFNET_UNLOCK(ifp);

	return (error);
}
/*
 * MAC entry point for the ifnet_check_transmit check.  Passes the
 * interface, its if_label, the mbuf and the mbuf's label to the policy
 * check macro and returns the result.
 *
 * m must satisfy M_ASSERTPKTHDR, which is asserted before anything else.
 * The interface is locked with MAC_IFNET_LOCK around the check and the
 * probe, presumably so that ifp->if_label cannot change while policies
 * read it -- confirm.  The mbuf label is fetched before that lock is
 * taken.
 *
 * Returns 0 immediately when no policies are registered
 * (mac_policy_count == 0), before the label lookup and the lock.
 * error is expected to be set by MAC_POLICY_CHECK_NOSLEEP (defined outside
 * this listing).
 */
int
mac_ifnet_check_transmit(struct ifnet *ifp, struct mbuf *m)
{
	struct label *label;
	int error;

	M_ASSERTPKTHDR(m);

	/* Fast path: nothing to enforce without a loaded policy. */
	if (mac_policy_count == 0)
		return (0);

	/* Result is not checked here and is passed to policies as-is. */
	label = mac_mbuf_to_label(m);

	MAC_IFNET_LOCK(ifp);
	MAC_POLICY_CHECK_NOSLEEP(ifnet_check_transmit, ifp, ifp->if_label, m,
	    label);
	MAC_CHECK_PROBE2(ifnet_check_transmit, error, ifp, m);
	/* Single exit after the lock is taken, so it is always released. */
	MAC_IFNET_UNLOCK(ifp);

	return (error);
}