1.\" 2.\" Copyright (c) 2006 Ceri Davies <ceri@FreeBSD.org> 3.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr> 4.\" 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 17.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 20.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26.\" 27.Dd August 18, 2023 28.Dt CR_CANSEE 9 29.Os 30.Sh NAME 31.Nm cr_cansee 32.Nd "determine visibility of objects given their user credentials" 33.Sh SYNOPSIS 34.In sys/proc.h 35.Ft int 36.Fn cr_cansee "struct ucred *u1" "struct ucred *u2" 37.Sh DESCRIPTION 38This function determines if a subject with credential 39.Fa u1 40can see a subject or object associated to credential 41.Fa u2 . 42.Pp 43Specific types of subjects may need to submit to additional or different 44restrictions. 45As an example, for processes, see 46.Xr p_cansee 9 , 47which calls this function. 48.Pp 49The implementation relies on 50.Xr cr_bsd_visible 9 51and consequently the 52.Xr sysctl 8 53variables referenced in its manual page influence the result. 54.Sh RETURN VALUES 55This function returns zero if the subject with credential 56.Fa u1 57can 58.Dq see 59the subject or object with credential 60.Fa u2 , 61or 62.Er ESRCH 63otherwise. 64.Sh ERRORS 65.Bl -tag -width Er 66.It Bq Er ESRCH 67The subject with credential 68.Fa u1 69has been jailed and the subject or object with credential 70.Fa u2 71does not belong to the same jail or one of its sub-jails, as determined by 72.Xr prison_check 9 . 73.It Bq Er ESRCH 74The MAC subsystem denied visibility. 75.It Bq Er ESRCH 76.Xr cr_bsd_visible 9 77denied visibility according to the BSD security policies in force. 78.El 79.Sh SEE ALSO 80.Xr cr_bsd_visible 9 , 81.Xr mac 9 , 82.Xr p_cansee 9 , 83.Xr prison_check 9 84