xref: /freebsd/share/man/man9/cr_cansee.9 (revision a03411e84728e9b267056fd31c7d1d9d1dc1b01e)
1.\"
2.\" Copyright (c) 2006 Ceri Davies <ceri@FreeBSD.org>
3.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr>
4.\"
5.\" All rights reserved.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\" 1. Redistributions of source code must retain the above copyright
11.\"    notice, this list of conditions and the following disclaimer.
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
17.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
20.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26.\"
27.Dd August 18, 2023
28.Dt CR_CANSEE 9
29.Os
30.Sh NAME
31.Nm cr_cansee
32.Nd "determine visibility of objects given their user credentials"
33.Sh SYNOPSIS
34.In sys/proc.h
35.Ft int
36.Fn cr_cansee "struct ucred *u1" "struct ucred *u2"
37.Sh DESCRIPTION
38This function determines if a subject with credential
39.Fa u1
40can see a subject or object associated to credential
41.Fa u2 .
42.Pp
43Specific types of subjects may need to submit to additional or different
44restrictions.
45As an example, for processes, see
46.Xr p_cansee 9 ,
47which calls this function.
48.Pp
49The implementation relies on
50.Xr cr_bsd_visible 9
51and consequently the
52.Xr sysctl 8
53variables referenced in its manual page influence the result.
54.Sh RETURN VALUES
55This function returns zero if the subject with credential
56.Fa u1
57can
58.Dq see
59the subject or object with credential
60.Fa u2 ,
61or
62.Er ESRCH
63otherwise.
64.Sh ERRORS
65.Bl -tag -width Er
66.It Bq Er ESRCH
67The subject with credential
68.Fa u1
69has been jailed and the subject or object with credential
70.Fa u2
71does not belong to the same jail or one of its sub-jails, as determined by
72.Xr prison_check 9 .
73.It Bq Er ESRCH
74The MAC subsystem denied visibility.
75.It Bq Er ESRCH
76.Xr cr_bsd_visible 9
77denied visibility according to the BSD security policies in force.
78.El
79.Sh SEE ALSO
80.Xr prison_check 9 ,
81.Xr mac 9 ,
82.Xr cr_bsd_visible 9 ,
83.Xr p_cansee 9
84