kern_prot.c - OpenGrok cross reference for /freebsd/sys/kern/kern

Deleted Added

sdiffudifftextold (75bc5b3f..)new (87fce2bb..)

kern_prot.c (75bc5b3f22c28ae30ab5a4d50c878c7a757797e2)	kern_prot.c (87fce2bb963f92a6bcea1846cd3d5f0a07cde904)
1/* 2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * Copyright (c) 2000, 2001 Robert N. M. Watson. All rights reserved. 5 * (c) UNIX System Laboratories, Inc. 6 * All or some portions of this file are derived from material licensed 7 * to the University of California by American Telephone and Telegraph 8 * Co. or Unix System Laboratories, Inc. and are reproduced herein with --- 1287 unchanged lines hidden (view full) --- 1296 return (EPERM); 1297 if (jailed(cred) && !(flag & PRISON_ROOT)) 1298 return (EPERM); 1299 return (0); 1300} 1301 1302 1303/*	1/* 2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * Copyright (c) 2000, 2001 Robert N. M. Watson. All rights reserved. 5 * (c) UNIX System Laboratories, Inc. 6 * All or some portions of this file are derived from material licensed 7 * to the University of California by American Telephone and Telegraph 8 * Co. or Unix System Laboratories, Inc. and are reproduced herein with --- 1287 unchanged lines hidden (view full) --- 1296 return (EPERM); 1297 if (jailed(cred) && !(flag & PRISON_ROOT)) 1298 return (EPERM); 1299 return (0); 1300} 1301 1302 1303/*
1304 * Test securelevel values against passed required securelevel. 1305 * _gt implements (level > securelevel), and _ge implements	1304 * Test (local, globale) securelevel values against passed required 1305 * securelevel. _gt implements (level > securelevel), and _ge implements
1306 * (level >= securelevel). Returns 0 oer EPERM. 1307 * 1308 * cr is permitted to be NULL for the time being, as there were some 1309 * existing securelevel checks that occurred without a process/credential 1310 * context. In the future this will be disallowed, so a kernel 1311 * message is displayed.	1306 * (level >= securelevel). Returns 0 oer EPERM. 1307 * 1308 * cr is permitted to be NULL for the time being, as there were some 1309 * existing securelevel checks that occurred without a process/credential 1310 * context. In the future this will be disallowed, so a kernel 1311 * message is displayed.
1312 * 1313 * XXX: The redundant construction below is to facilitate the merging 1314 * of support for per-jail securelevels, which maintain a local 1315 * jail securelevel in the process credential.
1316 / 1317int 1318securelevel_gt(struct ucred cr, int level) 1319{ 1320 1321 if (cr == NULL) { 1322 printf("securelevel_gt: cr is NULL\n"); 1323 if (level > securelevel) 1324 return (0); 1325 else 1326 return (EPERM);	1312 / 1313int 1314securelevel_gt(struct ucred cr, int level) 1315{ 1316 1317 if (cr == NULL) { 1318 printf("securelevel_gt: cr is NULL\n"); 1319 if (level > securelevel) 1320 return (0); 1321 else 1322 return (EPERM);
1327 } else {	1323 } else if (cr->cr_prison == NULL) {
1328 if (level > securelevel) 1329 return (0); 1330 else 1331 return (EPERM);	1324 if (level > securelevel) 1325 return (0); 1326 else 1327 return (EPERM);
	1328 } else { 1329 if (level > imax(cr->cr_prison->pr_securelevel, securelevel)) 1330 return (0); 1331 else 1332 return (EPERM);
1332 }	1333 }
	1334
1333} 1334 1335int 1336securelevel_ge(struct ucred *cr, int level) 1337{ 1338 1339 if (cr == NULL) { 1340 printf("securelevel_ge: cr is NULL\n"); 1341 if (level >= securelevel) 1342 return (0); 1343 else 1344 return (EPERM);	1335} 1336 1337int 1338securelevel_ge(struct ucred *cr, int level) 1339{ 1340 1341 if (cr == NULL) { 1342 printf("securelevel_ge: cr is NULL\n"); 1343 if (level >= securelevel) 1344 return (0); 1345 else 1346 return (EPERM);
1345 } else {	1347 } if (cr->cr_prison == NULL) {
1346 if (level >= securelevel) 1347 return (0); 1348 else 1349 return (EPERM);	1348 if (level >= securelevel) 1349 return (0); 1350 else 1351 return (EPERM);
	1352 } else { 1353 if (level >= imax(cr->cr_prison->pr_securelevel, securelevel)) 1354 return (0); 1355 else 1356 return (EPERM);
1350 } 1351} 1352 1353/- 1354 Determine if u1 "can see" the subject specified by u2. 1355 * Returns: 0 for permitted, an errno value otherwise 1356 * Locks: none 1357 * References: u1 and u2 must be immutable credentials --- 471 unchanged lines hidden ---	1357 } 1358} 1359 1360/- 1361 Determine if u1 "can see" the subject specified by u2. 1362 * Returns: 0 for permitted, an errno value otherwise 1363 * Locks: none 1364 * References: u1 and u2 must be immutable credentials --- 471 unchanged lines hidden ---