19bda7d94SCeri Davies.\" 29bda7d94SCeri Davies.\" Copyright (c) 2006 Ceri Davies <ceri@FreeBSD.org> 382f9bc9eSOlivier Certner.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr> 49bda7d94SCeri Davies.\" 59bda7d94SCeri Davies.\" All rights reserved. 69bda7d94SCeri Davies.\" 79bda7d94SCeri Davies.\" Redistribution and use in source and binary forms, with or without 89bda7d94SCeri Davies.\" modification, are permitted provided that the following conditions 99bda7d94SCeri Davies.\" are met: 109bda7d94SCeri Davies.\" 1. Redistributions of source code must retain the above copyright 119bda7d94SCeri Davies.\" notice, this list of conditions and the following disclaimer. 129bda7d94SCeri Davies.\" 2. Redistributions in binary form must reproduce the above copyright 139bda7d94SCeri Davies.\" notice, this list of conditions and the following disclaimer in the 149bda7d94SCeri Davies.\" documentation and/or other materials provided with the distribution. 159bda7d94SCeri Davies.\" 169bda7d94SCeri Davies.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 179bda7d94SCeri Davies.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 189bda7d94SCeri Davies.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 199bda7d94SCeri Davies.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 209bda7d94SCeri Davies.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 219bda7d94SCeri Davies.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 229bda7d94SCeri Davies.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 239bda7d94SCeri Davies.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 249bda7d94SCeri Davies.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 259bda7d94SCeri Davies.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 269bda7d94SCeri Davies.\" 2782f9bc9eSOlivier Certner.Dd August 18, 2023 289bda7d94SCeri Davies.Dt CR_CANSEE 9 29aa12cea2SUlrich Spörlein.Os 309bda7d94SCeri Davies.Sh NAME 319bda7d94SCeri Davies.Nm cr_cansee 329bda7d94SCeri Davies.Nd "determine visibility of objects given their user credentials" 339bda7d94SCeri Davies.Sh SYNOPSIS 3482f9bc9eSOlivier Certner.In sys/proc.h 359bda7d94SCeri Davies.Ft int 369bda7d94SCeri Davies.Fn cr_cansee "struct ucred *u1" "struct ucred *u2" 379bda7d94SCeri Davies.Sh DESCRIPTION 3882f9bc9eSOlivier CertnerThis function determines if a subject with credential 399bda7d94SCeri Davies.Fa u1 4082f9bc9eSOlivier Certnercan see a subject or object associated to credential 4182f9bc9eSOlivier Certner.Fa u2 . 429bda7d94SCeri Davies.Pp 4382f9bc9eSOlivier CertnerSpecific types of subjects may need to submit to additional or different 4482f9bc9eSOlivier Certnerrestrictions. 4582f9bc9eSOlivier CertnerAs an example, for processes, see 4682f9bc9eSOlivier Certner.Xr p_cansee 9 , 4782f9bc9eSOlivier Certnerwhich calls this function. 4882f9bc9eSOlivier Certner.Pp 4982f9bc9eSOlivier CertnerThe implementation relies on 5082f9bc9eSOlivier Certner.Xr cr_bsd_visible 9 5182f9bc9eSOlivier Certnerand consequently the 529bda7d94SCeri Davies.Xr sysctl 8 5382f9bc9eSOlivier Certnervariables referenced in its manual page influence the result. 549bda7d94SCeri Davies.Sh RETURN VALUES 5582f9bc9eSOlivier CertnerThis function returns zero if the subject with credential 569bda7d94SCeri Davies.Fa u1 579bda7d94SCeri Daviescan 589bda7d94SCeri Davies.Dq see 5982f9bc9eSOlivier Certnerthe subject or object with credential 609bda7d94SCeri Davies.Fa u2 , 619bda7d94SCeri Daviesor 629bda7d94SCeri Davies.Er ESRCH 639bda7d94SCeri Daviesotherwise. 649bda7d94SCeri Davies.Sh ERRORS 659bda7d94SCeri Davies.Bl -tag -width Er 669bda7d94SCeri Davies.It Bq Er ESRCH 6782f9bc9eSOlivier CertnerThe subject with credential 689bda7d94SCeri Davies.Fa u1 6982f9bc9eSOlivier Certnerhas been jailed and the subject or object with credential 709bda7d94SCeri Davies.Fa u2 7182f9bc9eSOlivier Certnerdoes not belong to the same jail or one of its sub-jails, as determined by 7282f9bc9eSOlivier Certner.Xr prison_check 9 . 739bda7d94SCeri Davies.It Bq Er ESRCH 749bda7d94SCeri DaviesThe MAC subsystem denied visibility. 7582f9bc9eSOlivier Certner.It Bq Er ESRCH 7682f9bc9eSOlivier Certner.Xr cr_bsd_visible 9 7782f9bc9eSOlivier Certnerdenied visibility according to the BSD security policies in force. 789bda7d94SCeri Davies.El 799bda7d94SCeri Davies.Sh SEE ALSO 8082f9bc9eSOlivier Certner.Xr cr_bsd_visible 9 , 81*6e1fc011SGraham Percival.Xr mac 9 , 82*6e1fc011SGraham Percival.Xr p_cansee 9 , 83*6e1fc011SGraham Percival.Xr prison_check 9 84