authorRobert Watson <rwatson@FreeBSD.org>2009-03-08 10:58:37 +0000
committerRobert Watson <rwatson@FreeBSD.org>2009-03-08 10:58:37 +0000
commit6f6174a7621e3a97032b067d72d873d1cda60b64 (patch)
treea0deefddb5b2eee47d0f494093e5ca46d01ed788 /sys/security/mac/mac_cred.c
parent75fd0939b4ab095cc0f66c42d5b6f167b424da62 (diff)
Improve the consistency of MAC Framework and MAC policy entry point
naming by renaming certain "proc" entry points to "cred" entry points, reflecting their manipulation of credentials. For some entry points, the process was passed into the framework but not into policies; in these cases, stop passing in the process since we don't need it. mac_proc_check_setaudit -> mac_cred_check_setaudit mac_proc_check_setaudit_addr -> mac_cred_check_setaudit_addr mac_proc_check_setauid -> mac_cred_check_setauid mac_proc_check_setegid -> mac_cred_check_setegid mac_proc_check_seteuid -> mac_cred_check_seteuid mac_proc_check_setgid -> mac_cred_check_setgid mac_proc_check_setgroups -> mac_cred_check_setgroups mac_proc_check_setregid -> mac_cred_check_setregid mac_proc_check_setresgid -> mac_cred_check_setresgid mac_proc_check_setresuid -> mac_cred_check_setresuid mac_proc_check_setreuid -> mac_cred_check_setreuid mac_proc_check_setuid -> mac_cred_check_setuid Obtained from: TrustedBSD Project Sponsored by: Google, Inc.
Notes
Notes: svn path=/head/; revision=189529
Diffstat (limited to 'sys/security/mac/mac_cred.c')
-rw-r--r--sys/security/mac/mac_cred.c126
1 files changed, 126 insertions, 0 deletions
diff --git a/sys/security/mac/mac_cred.c b/sys/security/mac/mac_cred.c
index 8cac7b30df45..41c6e66c0e39 100644
--- a/sys/security/mac/mac_cred.c
+++ b/sys/security/mac/mac_cred.c
@@ -211,6 +211,132 @@ mac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
return (error);
}
+MAC_CHECK_PROBE_DEFINE2(cred_check_setuid, "struct ucred *", "uid_t");
+
+int
+mac_cred_check_setuid(struct ucred *cred, uid_t uid)
+{
+ int error;
+
+ MAC_CHECK(cred_check_setuid, cred, uid);
+ MAC_CHECK_PROBE2(cred_check_setuid, error, cred, uid);
+
+ return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE2(cred_check_seteuid, "struct ucred *", "uid_t");
+
+int
+mac_cred_check_seteuid(struct ucred *cred, uid_t euid)
+{
+ int error;
+
+ MAC_CHECK(cred_check_seteuid, cred, euid);
+ MAC_CHECK_PROBE2(cred_check_seteuid, error, cred, euid);
+
+ return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE2(cred_check_setgid, "struct ucred *", "gid_t");
+
+int
+mac_cred_check_setgid(struct ucred *cred, gid_t gid)
+{
+ int error;
+
+ MAC_CHECK(cred_check_setgid, cred, gid);
+ MAC_CHECK_PROBE2(cred_check_setgid, error, cred, gid);
+
+ return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE2(cred_check_setegid, "struct ucred *", "gid_t");
+
+int
+mac_cred_check_setegid(struct ucred *cred, gid_t egid)
+{
+ int error;
+
+ MAC_CHECK(cred_check_setegid, cred, egid);
+ MAC_CHECK_PROBE2(cred_check_setegid, error, cred, egid);
+
+ return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE3(cred_check_setgroups, "struct ucred *", "int",
+ "gid_t *");
+
+int
+mac_cred_check_setgroups(struct ucred *cred, int ngroups, gid_t *gidset)
+{
+ int error;
+
+ MAC_CHECK(cred_check_setgroups, cred, ngroups, gidset);
+ MAC_CHECK_PROBE3(cred_check_setgroups, error, cred, ngroups, gidset);
+
+ return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE3(cred_check_setreuid, "struct ucred *", "uid_t",
+ "uid_t");
+
+int
+mac_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
+{
+ int error;
+
+ MAC_CHECK(cred_check_setreuid, cred, ruid, euid);
+ MAC_CHECK_PROBE3(cred_check_setreuid, error, cred, ruid, euid);
+
+ return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE3(cred_check_setregid, "struct ucred *", "gid_t",
+ "gid_t");
+
+int
+mac_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
+{
+ int error;
+
+ MAC_CHECK(cred_check_setregid, cred, rgid, egid);
+ MAC_CHECK_PROBE3(cred_check_setregid, error, cred, rgid, egid);
+
+ return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE4(cred_check_setresuid, "struct ucred *", "uid_t",
+ "uid_t", "uid_t");
+
+int
+mac_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
+ uid_t suid)
+{
+ int error;
+
+ MAC_CHECK(cred_check_setresuid, cred, ruid, euid, suid);
+ MAC_CHECK_PROBE4(cred_check_setresuid, error, cred, ruid, euid,
+ suid);
+
+ return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE4(cred_check_setresgid, "struct ucred *", "gid_t",
+ "gid_t", "gid_t");
+
+int
+mac_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
+ gid_t sgid)
+{
+ int error;
+
+ MAC_CHECK(cred_check_setresgid, cred, rgid, egid, sgid);
+ MAC_CHECK_PROBE4(cred_check_setresgid, error, cred, rgid, egid,
+ sgid);
+
+ return (error);
+}
+
MAC_CHECK_PROBE_DEFINE2(cred_check_visible, "struct ucred *",
"struct ucred *");
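Review bot: The nine new `mac_cred_check_set*` entry points carry no comment stating their contract, and with the process argument gone nothing in this hunk records what the caller must hold while `cred` is being checked. If the earlier proc-based versions asserted the process lock (they are not visible here, so this is an assumption), that assertion has been dropped rather than replaced. A block comment above `mac_cred_check_setuid`, such as `/* Credential-change checks: cred is the subject's current credential; the caller must keep it stable for the duration of the call. */`, would keep the requirement visible to policy authors. `mac_cred_check_setgroups` also passes `gidset` and a signed `ngroups` straight through to every policy, so its comment should state whether `ngroups` has already been bounds-checked by the caller and whether `gidset` is a kernel copy, not a user address.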