Date: Thu, 25 Jul 2002 15:26:38 -0700 (PDT) From: Chris Costello <chris@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14920 for review Message-ID: <200207252226.g6PMQcYk049978@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14920 Change 14920 by chris@chris_holly on 2002/07/25 15:26:22 o Process labeling event ops o Access control checks That's "all" of the entry points, so far! Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#8 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#8 (text+ko) ==== @@ -2865,20 +2865,651 @@ </sect3> </sect2> + <sect2 id="mac-proc-labeling-event-ops"> + <title>Process Labeling Event Operations</title> + + <para>...</para> + + <sect3 id="mac-mpo-create-subject"> + <title><function>&mac.mpo;_create_subject</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_create_subject</function></funcdef> + + <paramdef>struct ucred + *<parameter>parent_cred</parameter></paramdef> + <paramdef>struct ucred + *<parameter>child_cred</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>parent_cred</parameter></entry> + <entry>Parent subject credential</entry> + </row> + + <row> + <entry><parameter>child_cred</parameter></entry> + <entry>Child subject credential</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <!-- XXX manref --> + <para>Set the label of a newly created subject credential from + the passed subject credential. This call will be made when + crcopy(9) is invoked on a newly created <type>struct + ucred</type>. This call should not be confused with a + process forking or creation event.</para> + </sect3> + + <sect3 id="mac-mpo-execve-transition"> + <title><function>&mac.mpo;_execve_transition</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_execve_transition</function></funcdef> + + <paramdef>struct ucred + *<parameter>old</parameter></paramdef> + <paramdef>struct ucred + *<parameter>new</parameter></paramdef> + <paramdef>struct vnode + *<parameter>vp</parameter></paramdef> + <paramdef>struct label + *<parameter>vnodelabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>old</parameter></entry> + <entry>Existing subject credential</entry> + <entry>Immutable</entry> + </row> + + <row> + <entry><parameter>new</parameter></entry> + <entry>New subject credential to be labeled</entry> + </row> + + <row> + <entry><parameter>vp</parameter></entry> + <entry>File to execute</entry> + <entry>Locked</entry> + </row> + + <row> + <entry><parameter>vnodelabel</parameter></entry> + <entry>Policy label for + <parameter>vp</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Update the label of a newly created subject credential + (<parameter>new</parameter>) from the passed existing + subject credential (<parameter>old</parameter>) based on a + label transition caused by executing the passed vnode + (<parameter>vp</parameter>). This call occurs when a + process executes the passed vnode and one of the policies + returns a success from the + <function>mpo_execve_will_transition</function> entry point. + Policies may choose to implement this call simply by + invoking <function>mpo_create_subject</function> and passing + the two subject credentials so as not to implement a + transitioning event. Policies should not leave this entry + point unimplemented if they implement + <function>mpo_create_subject</function>, even if they do not + implement + <function>mpo_execve_will_transition</function>.</para> + </sect3> + + <sect3 id="mac-mpo-execve-will-transition"> + <title><function>&mac.mpo;_execve_will_transition</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_execve_will_transition</function></funcdef> + + <paramdef>struct ucred + *<parameter>old</parameter></paramdef> + <paramdef>struct vnode + *<parameter>vp</parameter></paramdef> + <paramdef>struct label + *<parameter>vnodelabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>old</parameter></entry> + <entry>Subject credential prior to + &man.execve.2;</entry> + <entry>Immutable</entry> + </row> + + <row> + <entry><parameter>vp</parameter></entry> + <entry>File to execute</entry> + </row> + + <row> + <entry><parameter>vnodelabel</parameter></entry> + <entry>Policy label for + <parameter>vp</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the policy will want to perform a + transition event as a result of the execution of the passed + vnode by the passed subject credential. Return + <returnvalue>1</returnvalue> if a transition is required, + <returnvalue>0</returnvalue> if not. Even if a policy + returns <returnvalue>0</returnvalue>, it should behave + correctly in the presence of an unexpected invocation of + <function>mpo_execve_transition</function>, as that call may + happen as a result of another policy requesting a + transition.</para> + </sect3> + + <sect3 id="mac-mpo-create-proc0"> + <title><function>&mac.mpo;_create_proc0</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_create_proc0</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential to be filled in</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Create the subject credential of process 0, the parent + of all kernel processes.</para> + </sect3> + + <sect3 id="mac-mpo-create-proc1"> + <title><function>&mac.mpo;_create_proc1</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_create_proc1</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential to be filled in</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Create the subject credential of process 1, the parent + of all kernel processes.</para> + </sect3> + + <sect3 id="mac-mpo-relabel-subject"> + <title><function>&mac.mpo;_relabel_subject</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_relabel_subject</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct label + *<parameter>newlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>newlabel</parameter></entry> + <entry>Label update to apply to + <parameter>cred</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Update the label on a subject credential from the passed + update label.</para> + </sect3> + </sect2> + <sect2 id="mac-access-control-checks"> <title>Access Control Checks</title> <para>Access control checks are implemented as checks supplementary to existing Unix permissions.</para> + <sect3 id="mac-mpo-bpfdesc-check-receive-from-ifnet"> + <title><function>&mac.mpo;_bpfdesc_check_receive_from_ifnet</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_bpfdesc_check_receive_from_ifnet</function></funcdef> + + <paramdef>struct bpf_d + *<parameter>bpf_d</parameter></paramdef> + <paramdef>struct label + *<parameter>bpflabel</parameter></paramdef> + <paramdef>struct ifnet + *<parameter>ifnet</parameter></paramdef> + <paramdef>struct label + *<parameter>ifnetlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>bpf_d</parameter></entry> + <entry>Subject; BPF descriptor</entry> + </row> + + <row> + <entry><parameter>bpflabel</parameter></entry> + <entry>Policy label for + <parameter>bpf_d</parameter></entry> + </row> + + <row> + <entry><parameter>ifnet</parameter></entry> + <entry>Object; network interface</entry> + </row> + + <row> + <entry><parameter>ifnetlabel</parameter></entry> + <entry>Policy label for + <parameter>ifnet</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the MAC framework should permit + datagrams from the passed interface to be delivered to the + buffers of the passed BPF descriptor. Return + (<returnvalue>0</returnvalue>) for success, or an + <varname>errno</varname> value for failure Suggested + failure: <errorcode>EACCES</errorcode> for label mismatches, + <errorcode>EPERM</errorcode> for lack of privilege.</para> + </sect3> + + <sect3 id="mac-mpo-cred-check-bind-socket"> + <title><function>&mac.mpo;_cred_check_bind_socket</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_bind_socket</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct socket + *<parameter>socket</parameter></paramdef> + <paramdef>struct label + *<parameter>socketlabel</parameter></paramdef> + <paramdef>struct sockaddr + *<parameter>sockaddr</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>socket</parameter></entry> + <entry>Socket to be bound</entry> + </row> + + <row> + <entry><parameter>socketlabel</parameter></entry> + <entry>Policy label for + <parameter>socket</parameter></entry> + </row> + + <row> + <entry><parameter>sockaddr</parameter></entry> + <entry>Address of + <parameter>socket</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + </sect3> + + <sect3 id="mac-mpo-cred-check-connect-socket"> + <title><function>&mac.mpo;_cred_check_connect_socket</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_connect_socket</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct socket + *<parameter>socket</parameter></paramdef> + <paramdef>struct label + *<parameter>socketlabel</parameter></paramdef> + <paramdef>struct sockaddr + *<parameter>sockaddr</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>socket</parameter></entry> + <entry>Socket to be connected</entry> + </row> + + <row> + <entry><parameter>socketlabel</parameter></entry> + <entry>Policy label for + <parameter>socket</parameter></entry> + </row> + + <row> + <entry><parameter>sockaddr</parameter></entry> + <entry>Address of + <parameter>socket</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject credential + (<parameter>cred</parameter>) can connect the passed socket + (<parameter>socket</parameter>) to the passed socket address + (<parameter>sockaddr</parameter>). Return + <returnvalue>0</returnvalue> for success, or an + <varname>errno</varname> value for failure. Suggested + failure: <errorcode>EACCES</errorcode> for label mismatches, + <errorcode>EPERM</errorcode> for lack of privilege.</para> + </sect3> + + <sect3> + <title><function>&mac.mpo;_cred_check_see_cred</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_see_cred</function></funcdef> + + <paramdef>struct ucred + *<parameter>u1</parameter></paramdef> + <paramdef>struct ucred + *<parameter>u2</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>u1</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>u2</parameter></entry> + <entry>Object credential</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject credential + <parameter>u1</parameter> can <quote>see</quote> other + subjects with the passed subject credential + <parameter>u2</parameter>. Return + <returnvalue>0</returnvalue> for success, or an + <varname>errno</varname> value for failure. Suggested + failure: <errorcode>EACCES</errorcode> for label mismatches, + <errorcode>EPERM</errorcode> for lack of privilege, or + <errorcode>ESRCH</errorcode> to hide visibility. This call + may be made in a number of situations, including + inter-process status sysctls used by <command>ps</command>, + and in procfs lookups.</para> + </sect3> + + <sect3 id="mac-mpo-cred-check-see-socket"> + <title><function>&mac.mpo;_cred_check_see_socket</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_see_socket</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct socket + *<parameter>socket</parameter></paramdef> + <paramdef>struct label + *<parameter>socketlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>socket</parameter></entry> + <entry>Object; socket</entry> + </row> + + <row> + <entry><parameter>socketlabel</parameter></entry> + <entry>Policy label for + <parameter>socket</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + </sect3> + + <sect3 id="mac-mpo-cred-check-relabel-ifnet"> + <title><function>&mac.mpo;_cred_check_relabel_ifnet</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_relabel_ifnet</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct ifnet + *<parameter>ifnet</parameter></paramdef> + <paramdef>struct label + *<parameter>ifnetlabel</parameter></paramdef> + <paramdef>struct label + *<parameter>newlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>ifnet</parameter></entry> + <entry>Object; network interface</entry> + </row> + + <row> + <entry><parameter>ifnetlabel</parameter></entry> + <entry>Existing policy label for + <parameter>ifnet</parameter></entry> + </row> + + <row> + <entry><parameter>newlabel</parameter></entry> + <entry>Policy label update to later be applied to + <parameter>ifnet</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject credential can relabel the + passed network interface to the passed label update.</para> + </sect3> + + <sect3 id="mac-mpo-cred-check-relabel-socket"> + <title><function>&mac.mpo;_cred_check_relabel_socket</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_relabel_socket</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct socket + *<parameter>socket</parameter></paramdef> + <paramdef>struct label + *<parameter>socketlabel</parameter></paramdef> + <paramdef>struct label + *<parameter>newlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>socket</parameter></entry> + <entry>Object; socket</entry> + </row> + + <row> + <entry><parameter>socketlabel</parameter></entry> + <entry>Existing policy label for + <parameter>socket</parameter></entry> + </row> + + <row> + <entry><parameter>newlabel</parameter></entry> + <entry>Label update to later be applied to + <parameter>socketlabel</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject credential can relabel the + passed socket to the passed label update.</para> + </sect3> + <sect3 id="mac-mpo-cred-check-relabel-subject"> <title><function>&mac.mpo;_cred_check_relabel_subject</function></title> <funcsynopsis> <funcprototype> <funcdef>int - <function>&mac.mpo;_cred_check_relabel_subject</function> - </funcdef> + <function>&mac.mpo;_cred_check_relabel_subject</function></funcdef> <paramdef>struct ucred *<parameter>cred</parameter></paramdef> @@ -2890,50 +3521,101 @@ <informaltable> <tgroup cols="3"> &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + <row> + <entry><parameter>newlabel</parameter></entry> + <entry>Label update to later be applied to + <parameter>cred</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject credential can relabel + itself to the passed label update.</para> + </sect3> + + <sect3 id="mac-mpo-cred-check-relabel-vnode"> + <title><function>&mac.mpo;_cred_check_relabel_vnode</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_relabel_vnode</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct vnode + *<parameter>vp</parameter></paramdef> + <paramdef>struct label + *<parameter>vnodelabel</parameter></paramdef> + <paramdef>struct label + *<parameter>newlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + <tbody> <row> <entry><parameter>cred</parameter></entry> <entry>Subject credential</entry> + <entry>Immutable</entry> </row> <row> - <entry><parameter>newlabel</parameter</entry> - <entry>New label to apply to subject</entry> + <entry><parameter>vp</parameter></entry> + <entry>Object; vnode</entry> + <entry>Locked</entry> + </row> + + <row> + <entry><parameter>vnodelabel</parameter></entry> + <entry>Existing policy label for + <parameter>vp</parameter></entry> + </row> + + <row> + <entry><parameter>newlabel</parameter></entry> + <entry>Policy label update to later be applied to + <parameter>vp</parameter></entry> + </row> </tbody> </tgroup> </informaltable> - <para>This policy operation is intended to determine whether a - subject should be allowed to change its label. Generally, - this is implemented by checking if the subject would be - upgrading its own privilege by making the requested change, - and denying (returning typically - <errorcode>EPERM</errorcode>) the request if so.</para> + <para>Determine whether the subject credential can relabel the + passed vnode to the passed label update.</para> </sect3> - <sect3 id="mac-mpo-cred-check-statfs"> - <title><function>&mac.mpo;_cred_check_statfs</function</title> + <sect3 id="mpo-cred-check-statfs"> + <title><function>&mac.mpo;_cred_check_statfs</function></title> <funcsynopsis> <funcprototype> - <funcdef>int - <function>&mac.mpo;_cred_check_statfs</function> - </funcdef> + <funcdef>int <function>&mac.mpo;_cred_check_statfs</function></funcdef> <paramdef>struct ucred *<parameter>cred</parameter></paramdef> <paramdef>struct mount *<parameter>mp</parameter></paramdef> <paramdef>struct label - *<parameter>mntlabel</parameter></paramdef> + *<parameter>mountlabel</parameter></paramdef> </funcprototype> </funcsynopsis> <informaltable> <tgroup cols="3"> &mac.thead; - + <tbody> <row> <entry><parameter>cred</parameter></entry> @@ -2942,29 +3624,28 @@ <row> <entry><parameter>mp</parameter></entry> - <entry>Object; file system mount point</entry> + <entry>Object; file system mount</entry> </row> <row> - <entry><parameter>mntlabel</parameter></entry> - <entry>Object label</entry> + <entry><parameter>mountlabel</parameter></entry> + <entry>Policy label for + <parameter>mp</parameter></entry> + </row> </tbody> </tgroup> </informaltable> - <para>This policy operation is intended to determine whether a - specified subject should be allowed to retrieve file system - statistics information. Generally a policy module - implementing this operation would compare the subject label - (<varname>cred->cr_label</varname>) to the object label - (<varname>mntlabel</varname>) and return - <literal>0</literal> if the subject is to be granted the - information requested, and <errorcode>EACCES</errorcode> - otherwise.</para> - - <note><para>Figure out a scenario where using - <parameter>mp</parameter> is immenently practical, especially - for use in the sample module.</para></note> + <para>Determine whether the subject credential can see the + results of a statfs performed on the file system. Return + <returnvalue>0</returnvalue> for success, or an + <varname>errno</varname> value for failure. Suggested + failure: <errorcode>EACCES</errorcode> for label mismatches + or <errorcode>EPERM</errorcode> for lack of privilege. This + call may be made in a number of situations, including during + invocations of &man.statfs.2; and related calls, as well as to + determine what file systems to exclude from listings of file + systems, such as when &man.getfsstat.2; is invoked. </para> </sect3> <sect3 id="mac-mpo-cred-check-debug-proc"> @@ -2973,11 +3654,1390 @@ <funcsynopsis> <funcprototype> <funcdef>int - <function>&mac.mpo;_cred_check_debug_proc</function> - </funcdef> + <function>&mac.mpo;_cred_check_debug_proc</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct proc + *<parameter>proc</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + <entry>Immutable</entry> + </row> + + <row> + <entry><parameter>proc</parameter></entry> + <entry>Object; process</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject credential can debug the + passed process. Return <returnvalue>0</returnvalue> for + success, or an <varname>errno</varname> value for failure. + Suggested failure: <errorcode>EACCES</errorcode> for label + mismatch, <errorcode>EPERM</errorcode> for lack of + privilege, or <errorcode>ESRCH</errorcode> to hide + visibility of the target. This call may be made in a number + of situations, including use of the &man.ptrace.2; and + &man.ktrace.2; APIs, as well as for some types of procfs + operations.</para> + </sect3> + + <sect3 id="mac-mpo-cred-check-access-vnode"> + <title><function>&mac.mpo;_cred_check_access_vnode</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_access_vnode</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct vnode + *<parameter>vp</parameter></paramdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>vp</parameter></entry> + <entry>Object; vnode</entry> + </row> + + <row> + <entry><parameter>label</parameter></entry> + <entry>Policy label for + <parameter>vp</parameter></entry> + </row> + + <row> + <entry><parameter>flags</parameter></entry> + <entry>&man.access.2; flags</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine how invocations of &man.access.2; and related + calls by the subject credential should return when performed + on the passed vnode using the passed access flags. Return + <returnvalue>0</returnvalue> for success, or an + <varname>errno</varname> value for failure. Suggested + failure: <errorcode>EACCES</errorcode> for label mismatches + or <errorcode>EPERM</errorcode> for lack of + privilege.</para> + </sect3> + + <sect3 id="mac-mpo-cred-check-chdir-vnode"> + <title><function>&mac.mpo;_cred_check_chdir_vnode</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_chdir_vnode</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct vnode + *<parameter>dvp</parameter></paramdef> + <paramdef>struct label + *<parameter>dlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>dvp</parameter></entry> + <entry>Object; vnode to &man.chdir.2; into</entry> + </row> + + <row> + <entry><parameter>dlabel</parameter></entry> + <entry>Policy label for + <parameter>dvp</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject credential can change the + process working directory to the passed vnode. Return + <returnvalue>0</returnvalue> for success, or an + <varname>errno</varname> value for failure. Suggested + failure: <errorcode>EACCES</errorcode> for label mismatch, + or <errorcode>EPERM</errorcode> for lack of + privilege.</para> + </sect3> + + <sect3 id="mac-mpo-cred-check-create-vnode"> + <title><function>&mac.mpo;_cred_check_create_vnode</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_cred_check_create_vnode</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct vnode + *<parameter>dvp</parameter></paramdef> + <paramdef>struct label + *<parameter>dlabel</parameter></paramdef> + <paramdef>struct componentname + *<parameter>cnp</parameter></paramdef> >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207252226.g6PMQcYk049978>