mac_cred.c (685dc743dc3b5645e34836464128e1c0558b404b) mac_cred.c (ddb3eb4efe55e57c206f3534263c77b837aff1dc)
1/*-
2 * Copyright (c) 1999-2002, 2008-2009 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
5 * Copyright (c) 2005 Samy Al Bahra
6 * Copyright (c) 2006 SPARTA, Inc.
7 * Copyright (c) 2008 Apple Inc.
8 * All rights reserved.

--- 195 unchanged lines hidden (view full) ---

204 int error;
205
206 MAC_POLICY_CHECK_NOSLEEP(cred_check_relabel, cred, newlabel);
207 MAC_CHECK_PROBE2(cred_check_relabel, error, cred, newlabel);
208
209 return (error);
210}
211
1/*-
2 * Copyright (c) 1999-2002, 2008-2009 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
5 * Copyright (c) 2005 Samy Al Bahra
6 * Copyright (c) 2006 SPARTA, Inc.
7 * Copyright (c) 2008 Apple Inc.
8 * All rights reserved.

--- 195 unchanged lines hidden (view full) ---

204 int error;
205
206 MAC_POLICY_CHECK_NOSLEEP(cred_check_relabel, cred, newlabel);
207 MAC_CHECK_PROBE2(cred_check_relabel, error, cred, newlabel);
208
209 return (error);
210}
211
212/*
213 * Entry hook for setcred().
214 *
215 * Called with no lock held by setcred() so that MAC modules may allocate memory
216 * in preparation for checking privileges. A call to this hook is always
217 * followed by a matching call to mac_cred_setcred_exit(). Between these two,
218 * setcred() may or may not call mac_cred_check_setcred().
219 */
220void
221mac_cred_setcred_enter(void)
222{
223 MAC_POLICY_PERFORM_NOSLEEP(cred_setcred_enter);
224}
225
226MAC_CHECK_PROBE_DEFINE3(cred_check_setcred, "unsigned int", "struct ucred *",
227 "struct ucred *");
228
229/*
230 * Check hook for setcred().
231 *
232 * When called, the current process' lock is held. It thus cannot perform
233 * memory allocations, which must be done in advance in
234 * mac_cred_setcred_enter(). It *MUST NOT* tamper with the process' lock.
235 */
236int
237mac_cred_check_setcred(u_int flags, const struct ucred *old_cred,
238 struct ucred *new_cred)
239{
240 int error;
241
242 MAC_POLICY_CHECK_NOSLEEP(cred_check_setcred, flags, old_cred, new_cred);
243 MAC_CHECK_PROBE3(cred_check_setcred, error, flags, old_cred, new_cred);
244
245 return (error);
246}
247
248/*
249 * Exit hook for setcred().
250 *
251 * Called with no lock held, exactly once per call to mac_cred_setcred_enter().
252 */
253void
254mac_cred_setcred_exit(void)
255{
256 MAC_POLICY_PERFORM_NOSLEEP(cred_setcred_exit);
257}
258
212MAC_CHECK_PROBE_DEFINE2(cred_check_setuid, "struct ucred *", "uid_t");
213
214int
215mac_cred_check_setuid(struct ucred *cred, uid_t uid)
216{
217 int error;
218
219 MAC_POLICY_CHECK_NOSLEEP(cred_check_setuid, cred, uid);

--- 131 unchanged lines hidden ---
259MAC_CHECK_PROBE_DEFINE2(cred_check_setuid, "struct ucred *", "uid_t");
260
261int
262mac_cred_check_setuid(struct ucred *cred, uid_t uid)
263{
264 int error;
265
266 MAC_POLICY_CHECK_NOSLEEP(cred_check_setuid, cred, uid);

--- 131 unchanged lines hidden ---
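Review bot: The comment on mac_cred_setcred_enter() says the hook exists so that MAC modules may allocate memory, yet the function dispatches through MAC_POLICY_PERFORM_NOSLEEP, whose name suggests policy code runs where sleeping is not allowed (the macro's definition is not on this page, so this is inferred). The comment should say which kind of allocation is permitted there, for example `* Policies run under the NOSLEEP dispatcher: document whether M_WAITOK allocations are allowed here or only M_NOWAIT.` In mac_cred_check_setcred(), `new_cred` is a non-const pointer while `old_cred` is const, and the comment does not say whether a policy may modify the new credentials from a check hook. One sentence stating that contract would help policy authors and anyone auditing a credential-changing path. MAC_CHECK_PROBE_DEFINE3 also declares both credential arguments as `"struct ucred *"`, which drops the const that the function signature puts on `old_cred`.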