mac_portacl.c - OpenGrok cross reference for /freebsd/sys/security/mac_portacl/mac

Lines Matching full:rule
111 struct rule {  struct
117 	TAILQ_ENTRY(rule)	r_entries;  argument
126  * Text format for the rule string is that a rule consists of a
133 static TAILQ_HEAD(rulehead, rule)	rule_head;
139 	struct rule *rule;  in toast_rules()  local
141 	while ((rule = TAILQ_FIRST(head)) != NULL) {  in toast_rules()
142 		TAILQ_REMOVE(head, rule, r_entries);  in toast_rules()
143 		free(rule, M_PORTACL);  in toast_rules()
171 parse_rule_element(char *element, struct rule **rule)  in parse_rule_element()  argument
174 	struct rule *new;  in parse_rule_element()
230 		*rule = NULL;  in parse_rule_element()
232 		*rule = new;  in parse_rule_element()
239 	struct rule *new;  in parse_rules()
261  * Instead, the non-canonical user-generated rule string is returned to the
266 rule_printf(struct sbuf *sb, struct rule *rule)
270 	switch(rule->r_idtype) {
278 		panic("rule_printf: unknown idtype (%d)\n", rule->r_idtype);
281 	switch (rule->r_protocol) {
290 		    rule->r_protocol);
292 	sbuf_printf(sb, "%s:%jd:%s:%d", idtype, (intmax_t)rule->r_id,
293 	    protocol, rule->r_port);
299 	struct rule *rule;
307 	for (rule = TAILQ_FIRST(&rule_head); rule != NULL;
308 	    rule = TAILQ_NEXT(rule, r_entries)) {
313 		rule_printf(sb, rule);
379 	struct rule *rule;  in rules_check()  local
392 	for (rule = TAILQ_FIRST(&rule_head);  in rules_check()
393 	    rule != NULL;  in rules_check()
394 	    rule = TAILQ_NEXT(rule, r_entries)) {  in rules_check()
395 		if (type == SOCK_DGRAM && rule->r_protocol != RULE_PROTO_UDP)  in rules_check()
397 		if (type == SOCK_STREAM && rule->r_protocol != RULE_PROTO_TCP)  in rules_check()
399 		if (port != rule->r_port)  in rules_check()
401 		if (rule->r_idtype == RULE_UID) {  in rules_check()
402 			if (cred->cr_uid == rule->r_id) {  in rules_check()
406 		} else if (rule->r_idtype == RULE_GID) {  in rules_check()
407 			if (cred->cr_gid == rule->r_id) {  in rules_check()
410 			} else if (groupmember(rule->r_id, cred)) {  in rules_check()
415 			panic("rules_check: unknown rule type %d",  in rules_check()
416 			    rule->r_idtype);  in rules_check()
468 	 * flag exempts port 0 allocation from rule checking as long as a low  in socket_check_bind()