134f6230eSRobert Watson /*-
234f6230eSRobert Watson  * Copyright (c) 2008 Robert N. M. Watson
334f6230eSRobert Watson  * All rights reserved.
434f6230eSRobert Watson  *
50ee8da47SRobert Watson  * This software was developed by Robert Watson for the TrustedBSD Project.
60ee8da47SRobert Watson  *
734f6230eSRobert Watson  * Redistribution and use in source and binary forms, with or without
834f6230eSRobert Watson  * modification, are permitted provided that the following conditions
934f6230eSRobert Watson  * are met:
1034f6230eSRobert Watson  * 1. Redistributions of source code must retain the above copyright
1134f6230eSRobert Watson  *    notice, this list of conditions and the following disclaimer.
1234f6230eSRobert Watson  * 2. Redistributions in binary form must reproduce the above copyright
1334f6230eSRobert Watson  *    notice, this list of conditions and the following disclaimer in the
1434f6230eSRobert Watson  *    documentation and/or other materials provided with the distribution.
1534f6230eSRobert Watson  *
1634f6230eSRobert Watson  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
1734f6230eSRobert Watson  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1834f6230eSRobert Watson  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1934f6230eSRobert Watson  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
2034f6230eSRobert Watson  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2134f6230eSRobert Watson  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2234f6230eSRobert Watson  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2334f6230eSRobert Watson  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2434f6230eSRobert Watson  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2534f6230eSRobert Watson  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2634f6230eSRobert Watson  * SUCH DAMAGE.
2734f6230eSRobert Watson  */
2834f6230eSRobert Watson 
2934f6230eSRobert Watson #ifndef _SYS_SECURITY_MAC_BSDEXTENDED_UGIDFW_INTERNAL_H
3034f6230eSRobert Watson #define	_SYS_SECURITY_MAC_BSDEXTENDED_UGIDFW_INTERNAL_H
3134f6230eSRobert Watson 
/*
 * Central rule-evaluation routines.  The object-specific hooks declared
 * below are expected to funnel their decision through these, so that the
 * ugidfw rule set is consulted in exactly one place:
 *
 *   ugidfw_accmode2mbi()  converts an accmode_t into the "mbi" encoding
 *                         the rule set is expressed in (the exact bit
 *                         layout is defined in the implementation, not
 *                         here).
 *   ugidfw_check()        evaluates the rules for a vnode whose
 *                         attributes (vap) the caller has already fetched.
 *   ugidfw_check_vp()     takes only the vnode; presumably it obtains the
 *                         attributes itself before deferring to
 *                         ugidfw_check() -- confirm against the definition.
 *
 * Caveat for new callers: acc_mode is still a plain int on ugidfw_check()
 * and ugidfw_check_vp(), whereas the vnode hooks below take accmode_t.
 * Whether that int is expected to be a raw accmode_t value or the result
 * of ugidfw_accmode2mbi() is not visible from this header and must be
 * checked against the implementation; passing the wrong encoding would
 * silently change which rules match.
 */
35a1b9471aSRobert Watson int	ugidfw_accmode2mbi(accmode_t accmode);
3634f6230eSRobert Watson int	ugidfw_check(struct ucred *cred, struct vnode *vp, struct vattr *vap,
3734f6230eSRobert Watson 	    int acc_mode);
3834f6230eSRobert Watson int	ugidfw_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode);
3934f6230eSRobert Watson 
/*
 * System access control checks (MAC system hooks).  Each receives the
 * requesting credential, the target vnode and its label, and gates the
 * corresponding privileged redirection of system output onto a file:
 * process accounting (acct), the audit trail (auditctl) and swap space
 * (swapon).  The label argument is part of the hook signature; ugidfw
 * rules appear to be keyed on the credential's uid/gid and the vnode's
 * attributes rather than on the label, but verify that in the
 * implementation before relying on it.
 */
4334f6230eSRobert Watson int	ugidfw_system_check_acct(struct ucred *cred, struct vnode *vp,
4434f6230eSRobert Watson 	    struct label *vplabel);
4534f6230eSRobert Watson int	ugidfw_system_check_auditctl(struct ucred *cred, struct vnode *vp,
4634f6230eSRobert Watson 	    struct label *vplabel);
4734f6230eSRobert Watson int	ugidfw_system_check_swapon(struct ucred *cred, struct vnode *vp,
4834f6230eSRobert Watson 	    struct label *vplabel);
4934f6230eSRobert Watson 
/*
 * Vnode access control checks (MAC vnode hooks), one per operation.
 *
 * The naming is not uniform and the names form an internal interface:
 * ugidfw_check_create_vnode() and ugidfw_check_setacl_vnode() do not
 * follow the ugidfw_vnode_check_* pattern, and
 * ugidfw_vnode_check_readdlink() is, by its signature, the readlink
 * hook despite the spelling.  Do not "correct" these here without also
 * updating the implementation and the policy's hook table, or the hook
 * will silently stop being registered.
 */
5334f6230eSRobert Watson int	ugidfw_vnode_check_access(struct ucred *cred, struct vnode *vp,
5415bc6b2bSEdward Tomasz Napierala 	    struct label *vplabel, accmode_t accmode);
5534f6230eSRobert Watson int	ugidfw_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
5634f6230eSRobert Watson 	    struct label *dvplabel);
5734f6230eSRobert Watson int	ugidfw_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
5834f6230eSRobert Watson 	    struct label *dvplabel);
5934f6230eSRobert Watson int	ugidfw_check_create_vnode(struct ucred *cred, struct vnode *dvp,
6034f6230eSRobert Watson 	    struct label *dvplabel, struct componentname *cnp,
6134f6230eSRobert Watson 	    struct vattr *vap);
6234f6230eSRobert Watson int	ugidfw_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
6334f6230eSRobert Watson 	    struct label *vplabel, acl_type_t type);
6434f6230eSRobert Watson int	ugidfw_vnode_check_deleteextattr(struct ucred *cred,
6534f6230eSRobert Watson 	    struct vnode *vp, struct label *vplabel, int attrnamespace,
6634f6230eSRobert Watson 	    const char *name);
6734f6230eSRobert Watson int	ugidfw_vnode_check_exec(struct ucred *cred, struct vnode *vp,
6834f6230eSRobert Watson 	    struct label *vplabel, struct image_params *imgp,
6934f6230eSRobert Watson 	    struct label *execlabel);
7034f6230eSRobert Watson int	ugidfw_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
7134f6230eSRobert Watson 	    struct label *vplabel, acl_type_t type);
7234f6230eSRobert Watson int	ugidfw_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
73fefd0ac8SRobert Watson 	    struct label *vplabel, int attrnamespace, const char *name);
7434f6230eSRobert Watson int	ugidfw_vnode_check_link(struct ucred *cred, struct vnode *dvp,
7534f6230eSRobert Watson 	    struct label *dvplabel, struct vnode *vp, struct label *label,
7634f6230eSRobert Watson 	    struct componentname *cnp);
7734f6230eSRobert Watson int	ugidfw_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
7834f6230eSRobert Watson 	    struct label *vplabel, int attrnamespace);
7934f6230eSRobert Watson int	ugidfw_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
8034f6230eSRobert Watson 	    struct label *dvplabel, struct componentname *cnp);
8134f6230eSRobert Watson int	ugidfw_vnode_check_open(struct ucred *cred, struct vnode *vp,
8215bc6b2bSEdward Tomasz Napierala 	    struct label *vplabel, accmode_t accmode);
8334f6230eSRobert Watson int	ugidfw_vnode_check_readdir(struct ucred *cred, struct vnode *dvp,
8434f6230eSRobert Watson 	    struct label *dvplabel);
8534f6230eSRobert Watson int	ugidfw_vnode_check_readdlink(struct ucred *cred, struct vnode *vp,
8634f6230eSRobert Watson 	    struct label *vplabel);
8734f6230eSRobert Watson int	ugidfw_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
8834f6230eSRobert Watson 	    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
8934f6230eSRobert Watson 	    struct componentname *cnp);
9034f6230eSRobert Watson int	ugidfw_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
9134f6230eSRobert Watson 	    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
9234f6230eSRobert Watson 	    int samedir, struct componentname *cnp);
9334f6230eSRobert Watson int	ugidfw_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
9434f6230eSRobert Watson 	    struct label *vplabel);
9534f6230eSRobert Watson int	ugidfw_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
9634f6230eSRobert Watson 	    struct label *vplabel, acl_type_t type, struct acl *acl);
9734f6230eSRobert Watson int	ugidfw_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
98fefd0ac8SRobert Watson 	    struct label *vplabel, int attrnamespace, const char *name);
9934f6230eSRobert Watson int	ugidfw_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
10034f6230eSRobert Watson 	    struct label *vplabel, u_long flags);
10134f6230eSRobert Watson int	ugidfw_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
10234f6230eSRobert Watson 	    struct label *vplabel, mode_t mode);
10334f6230eSRobert Watson int	ugidfw_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
10434f6230eSRobert Watson 	    struct label *vplabel, uid_t uid, gid_t gid);
10534f6230eSRobert Watson int	ugidfw_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
10634f6230eSRobert Watson 	    struct label *vplabel, struct timespec atime,
10734f6230eSRobert Watson 	    struct timespec utime);
10834f6230eSRobert Watson int	ugidfw_vnode_check_stat(struct ucred *active_cred,
10934f6230eSRobert Watson 	    struct ucred *file_cred, struct vnode *vp, struct label *vplabel);
11034f6230eSRobert Watson int	ugidfw_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
11134f6230eSRobert Watson 	    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
11234f6230eSRobert Watson 	    struct componentname *cnp);
11334f6230eSRobert Watson 
11434f6230eSRobert Watson #endif /* _SYS_SECURITY_MAC_BSDEXTENDED_UGIDFW_INTERNAL_H */
115