source: rtems-libbsd/freebsd/sys/security/mac/mac_framework.h @ 66659ff

4.1155-freebsd-126-freebsd-12freebsd-9.3
Last change on this file since 66659ff was 66659ff, checked in by Sebastian Huber <sebastian.huber@…>, on 11/06/13 at 15:20:21

Update to FreeBSD 9.2
  • Property mode set to 100644
File size: 19.6 KB
Line 
1/*-
2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson
3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4 * Copyright (c) 2005-2006 SPARTA, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 *
9 * This software was developed for the FreeBSD Project in part by Network
10 * Associates Laboratories, the Security Research Division of Network
11 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
12 * as part of the DARPA CHATS research program.
13 *
14 * This software was enhanced by SPARTA ISSO under SPAWAR contract
15 * N66001-04-C-6019 ("SEFOS").
16 *
17 * This software was developed at the University of Cambridge Computer
18 * Laboratory with support from a grant from Google, Inc.
19 *
20 * Redistribution and use in source and binary forms, with or without
21 * modification, are permitted provided that the following conditions
22 * are met:
23 * 1. Redistributions of source code must retain the above copyright
24 *    notice, this list of conditions and the following disclaimer.
25 * 2. Redistributions in binary form must reproduce the above copyright
26 *    notice, this list of conditions and the following disclaimer in the
27 *    documentation and/or other materials provided with the distribution.
28 *
29 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * SUCH DAMAGE.
40 *
41 * $FreeBSD$
42 */
43
44/*
45 * Kernel interface for Mandatory Access Control -- how kernel services
46 * interact with the TrustedBSD MAC Framework.
47 */
48
49#ifndef _SECURITY_MAC_MAC_FRAMEWORK_H_
50#define _SECURITY_MAC_MAC_FRAMEWORK_H_
51
52#ifndef _KERNEL
53#error "no user-serviceable parts inside"
54#endif
55
56struct auditinfo;
57struct auditinfo_addr;
58struct bpf_d;
59struct cdev;
60struct componentname;
61struct devfs_dirent;
62struct ifnet;
63struct ifreq;
64struct image_params;
65struct inpcb;
66struct ip6q;
67struct ipq;
68struct ksem;
69struct label;
70struct m_tag;
71struct mac;
72struct mbuf;
73struct mount;
74struct msg;
75struct msqid_kernel;
76struct proc;
77struct semid_kernel;
78struct shmfd;
79struct shmid_kernel;
80struct sockaddr;
81struct socket;
82struct sysctl_oid;
83struct sysctl_req;
84struct pipepair;
85struct thread;
86struct timespec;
87struct ucred;
88struct vattr;
89struct vnode;
90struct vop_setlabel_args;
91
92#include <sys/acl.h>                    /* XXX acl_type_t */
93#include <rtems/bsd/sys/types.h>                        /* accmode_t */
94
95/*
96 * Entry points to the TrustedBSD MAC Framework from the remainder of the
97 * kernel: entry points are named based on a principle object type and an
98 * action relating to it.  They are sorted alphabetically first by object
99 * type and then action.  In some situations, the principle object type is
100 * obvious, and in other cases, less so as multiple objects may be inolved
101 * in the operation.
102 */
103int     mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp);
104void    mac_bpfdesc_create(struct ucred *cred, struct bpf_d *d);
105void    mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m);
106void    mac_bpfdesc_destroy(struct bpf_d *);
107void    mac_bpfdesc_init(struct bpf_d *);
108
109void    mac_cred_associate_nfsd(struct ucred *cred);
110int     mac_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai);
111int     mac_cred_check_setaudit_addr(struct ucred *cred,
112            struct auditinfo_addr *aia);
113int     mac_cred_check_setauid(struct ucred *cred, uid_t auid);
114int     mac_cred_check_setegid(struct ucred *cred, gid_t egid);
115int     mac_cred_check_seteuid(struct ucred *cred, uid_t euid);
116int     mac_cred_check_setgid(struct ucred *cred, gid_t gid);
117int     mac_cred_check_setgroups(struct ucred *cred, int ngroups,
118            gid_t *gidset);
119int     mac_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid);
120int     mac_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
121            gid_t sgid);
122int     mac_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
123            uid_t suid);
124int     mac_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid);
125int     mac_cred_check_setuid(struct ucred *cred, uid_t uid);
126int     mac_cred_check_visible(struct ucred *cr1, struct ucred *cr2);
127void    mac_cred_copy(struct ucred *cr1, struct ucred *cr2);
128void    mac_cred_create_init(struct ucred *cred);
129void    mac_cred_create_swapper(struct ucred *cred);
130void    mac_cred_destroy(struct ucred *);
131void    mac_cred_init(struct ucred *);
132
133void    mac_devfs_create_device(struct ucred *cred, struct mount *mp,
134            struct cdev *dev, struct devfs_dirent *de);
135void    mac_devfs_create_directory(struct mount *mp, char *dirname,
136            int dirnamelen, struct devfs_dirent *de);
137void    mac_devfs_create_symlink(struct ucred *cred, struct mount *mp,
138            struct devfs_dirent *dd, struct devfs_dirent *de);
139void    mac_devfs_destroy(struct devfs_dirent *);
140void    mac_devfs_init(struct devfs_dirent *);
141void    mac_devfs_update(struct mount *mp, struct devfs_dirent *de,
142            struct vnode *vp);
143void    mac_devfs_vnode_associate(struct mount *mp, struct devfs_dirent *de,
144            struct vnode *vp);
145
146int     mac_ifnet_check_transmit(struct ifnet *ifp, struct mbuf *m);
147void    mac_ifnet_create(struct ifnet *ifp);
148void    mac_ifnet_create_mbuf(struct ifnet *ifp, struct mbuf *m);
149void    mac_ifnet_destroy(struct ifnet *);
150void    mac_ifnet_init(struct ifnet *);
151int     mac_ifnet_ioctl_get(struct ucred *cred, struct ifreq *ifr,
152            struct ifnet *ifp);
153int     mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr,
154            struct ifnet *ifp);
155
156int     mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m);
157int     mac_inpcb_check_visible(struct ucred *cred, struct inpcb *inp);
158void    mac_inpcb_create(struct socket *so, struct inpcb *inp);
159void    mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m);
160void    mac_inpcb_destroy(struct inpcb *);
161int     mac_inpcb_init(struct inpcb *, int);
162void    mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
163
164void    mac_ip6q_create(struct mbuf *m, struct ip6q *q6);
165void    mac_ip6q_destroy(struct ip6q *q6);
166int     mac_ip6q_init(struct ip6q *q6, int);
167int     mac_ip6q_match(struct mbuf *m, struct ip6q *q6);
168void    mac_ip6q_reassemble(struct ip6q *q6, struct mbuf *m);
169void    mac_ip6q_update(struct mbuf *m, struct ip6q *q6);
170
171void    mac_ipq_create(struct mbuf *m, struct ipq *q);
172void    mac_ipq_destroy(struct ipq *q);
173int     mac_ipq_init(struct ipq *q, int);
174int     mac_ipq_match(struct mbuf *m, struct ipq *q);
175void    mac_ipq_reassemble(struct ipq *q, struct mbuf *m);
176void    mac_ipq_update(struct mbuf *m, struct ipq *q);
177
178int     mac_kenv_check_dump(struct ucred *cred);
179int     mac_kenv_check_get(struct ucred *cred, char *name);
180int     mac_kenv_check_set(struct ucred *cred, char *name, char *value);
181int     mac_kenv_check_unset(struct ucred *cred, char *name);
182
183int     mac_kld_check_load(struct ucred *cred, struct vnode *vp);
184int     mac_kld_check_stat(struct ucred *cred);
185
186void    mac_mbuf_copy(struct mbuf *, struct mbuf *);
187int     mac_mbuf_init(struct mbuf *, int);
188
189void    mac_mbuf_tag_copy(struct m_tag *, struct m_tag *);
190void    mac_mbuf_tag_destroy(struct m_tag *);
191int     mac_mbuf_tag_init(struct m_tag *, int);
192
193int     mac_mount_check_stat(struct ucred *cred, struct mount *mp);
194void    mac_mount_create(struct ucred *cred, struct mount *mp);
195void    mac_mount_destroy(struct mount *);
196void    mac_mount_init(struct mount *);
197
198void    mac_netatalk_aarp_send(struct ifnet *ifp, struct mbuf *m);
199
200void    mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m);
201void    mac_netinet_firewall_reply(struct mbuf *mrecv, struct mbuf *msend);
202void    mac_netinet_firewall_send(struct mbuf *m);
203void    mac_netinet_fragment(struct mbuf *m, struct mbuf *frag);
204void    mac_netinet_icmp_reply(struct mbuf *mrecv, struct mbuf *msend);
205void    mac_netinet_icmp_replyinplace(struct mbuf *m);
206void    mac_netinet_igmp_send(struct ifnet *ifp, struct mbuf *m);
207void    mac_netinet_tcp_reply(struct mbuf *m);
208
209void    mac_netinet6_nd6_send(struct ifnet *ifp, struct mbuf *m);
210
211int     mac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
212            unsigned long cmd, void *data);
213int     mac_pipe_check_poll(struct ucred *cred, struct pipepair *pp);
214int     mac_pipe_check_read(struct ucred *cred, struct pipepair *pp);
215int     mac_pipe_check_stat(struct ucred *cred, struct pipepair *pp);
216int     mac_pipe_check_write(struct ucred *cred, struct pipepair *pp);
217void    mac_pipe_create(struct ucred *cred, struct pipepair *pp);
218void    mac_pipe_destroy(struct pipepair *);
219void    mac_pipe_init(struct pipepair *);
220int     mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
221            struct label *label);
222
223int     mac_posixsem_check_getvalue(struct ucred *active_cred,
224            struct ucred *file_cred, struct ksem *ks);
225int     mac_posixsem_check_open(struct ucred *cred, struct ksem *ks);
226int     mac_posixsem_check_post(struct ucred *active_cred,
227            struct ucred *file_cred, struct ksem *ks);
228int     mac_posixsem_check_setmode(struct ucred *cred, struct ksem *ks,
229            mode_t mode);
230int     mac_posixsem_check_setowner(struct ucred *cred, struct ksem *ks,
231            uid_t uid, gid_t gid);
232int     mac_posixsem_check_stat(struct ucred *active_cred,
233            struct ucred *file_cred, struct ksem *ks);
234int     mac_posixsem_check_unlink(struct ucred *cred, struct ksem *ks);
235int     mac_posixsem_check_wait(struct ucred *active_cred,
236            struct ucred *file_cred, struct ksem *ks);
237void    mac_posixsem_create(struct ucred *cred, struct ksem *ks);
238void    mac_posixsem_destroy(struct ksem *);
239void    mac_posixsem_init(struct ksem *);
240
241int     mac_posixshm_check_create(struct ucred *cred, const char *path);
242int     mac_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd,
243            int prot, int flags);
244int     mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd,
245            accmode_t accmode);
246int     mac_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd,
247            mode_t mode);
248int     mac_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd,
249            uid_t uid, gid_t gid);
250int     mac_posixshm_check_stat(struct ucred *active_cred,
251            struct ucred *file_cred, struct shmfd *shmfd);
252int     mac_posixshm_check_truncate(struct ucred *active_cred,
253            struct ucred *file_cred, struct shmfd *shmfd);
254int     mac_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd);
255void    mac_posixshm_create(struct ucred *cred, struct shmfd *shmfd);
256void    mac_posixshm_destroy(struct shmfd *);
257void    mac_posixshm_init(struct shmfd *);
258
259int     mac_priv_check(struct ucred *cred, int priv);
260int     mac_priv_grant(struct ucred *cred, int priv);
261
262int     mac_proc_check_debug(struct ucred *cred, struct proc *p);
263int     mac_proc_check_sched(struct ucred *cred, struct proc *p);
264int     mac_proc_check_signal(struct ucred *cred, struct proc *p,
265            int signum);
266int     mac_proc_check_wait(struct ucred *cred, struct proc *p);
267void    mac_proc_destroy(struct proc *);
268void    mac_proc_init(struct proc *);
269void    mac_proc_vm_revoke(struct thread *td);
270int     mac_execve_enter(struct image_params *imgp, struct mac *mac_p);
271void    mac_execve_exit(struct image_params *imgp);
272void    mac_execve_interpreter_enter(struct vnode *interpvp,
273            struct label **interplabel);
274void    mac_execve_interpreter_exit(struct label *interpvplabel);
275
276int     mac_socket_check_accept(struct ucred *cred, struct socket *so);
277int     mac_socket_check_bind(struct ucred *cred, struct socket *so,
278            struct sockaddr *sa);
279int     mac_socket_check_connect(struct ucred *cred, struct socket *so,
280            struct sockaddr *sa);
281int     mac_socket_check_create(struct ucred *cred, int domain, int type,
282            int proto);
283int     mac_socket_check_deliver(struct socket *so, struct mbuf *m);
284int     mac_socket_check_listen(struct ucred *cred, struct socket *so);
285int     mac_socket_check_poll(struct ucred *cred, struct socket *so);
286int     mac_socket_check_receive(struct ucred *cred, struct socket *so);
287int     mac_socket_check_send(struct ucred *cred, struct socket *so);
288int     mac_socket_check_stat(struct ucred *cred, struct socket *so);
289int     mac_socket_check_visible(struct ucred *cred, struct socket *so);
290void    mac_socket_create_mbuf(struct socket *so, struct mbuf *m);
291void    mac_socket_create(struct ucred *cred, struct socket *so);
292void    mac_socket_destroy(struct socket *);
293int     mac_socket_init(struct socket *, int);
294void    mac_socket_newconn(struct socket *oldso, struct socket *newso);
295int     mac_getsockopt_label(struct ucred *cred, struct socket *so,
296            struct mac *extmac);
297int     mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
298            struct mac *extmac);
299int     mac_setsockopt_label(struct ucred *cred, struct socket *so,
300            struct mac *extmac);
301
302void    mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so);
303void    mac_socketpeer_set_from_socket(struct socket *oldso,
304            struct socket *newso);
305
306void    mac_syncache_create(struct label *l, struct inpcb *inp);
307void    mac_syncache_create_mbuf(struct label *l, struct mbuf *m);
308void    mac_syncache_destroy(struct label **l);
309int     mac_syncache_init(struct label **l);
310
311int     mac_system_check_acct(struct ucred *cred, struct vnode *vp);
312int     mac_system_check_audit(struct ucred *cred, void *record, int length);
313int     mac_system_check_auditctl(struct ucred *cred, struct vnode *vp);
314int     mac_system_check_auditon(struct ucred *cred, int cmd);
315int     mac_system_check_reboot(struct ucred *cred, int howto);
316int     mac_system_check_swapon(struct ucred *cred, struct vnode *vp);
317int     mac_system_check_swapoff(struct ucred *cred, struct vnode *vp);
318int     mac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
319            void *arg1, int arg2, struct sysctl_req *req);
320
321void    mac_sysvmsg_cleanup(struct msg *msgptr);
322void    mac_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
323            struct msg *msgptr);
324void    mac_sysvmsg_destroy(struct msg *);
325void    mac_sysvmsg_init(struct msg *);
326
327int     mac_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
328            struct msqid_kernel *msqkptr);
329int     mac_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr);
330int     mac_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr);
331int     mac_sysvmsq_check_msqctl(struct ucred *cred,
332            struct msqid_kernel *msqkptr, int cmd);
333int     mac_sysvmsq_check_msqget(struct ucred *cred,
334            struct msqid_kernel *msqkptr);
335int     mac_sysvmsq_check_msqrcv(struct ucred *cred,
336            struct msqid_kernel *msqkptr);
337int     mac_sysvmsq_check_msqsnd(struct ucred *cred,
338            struct msqid_kernel *msqkptr);
339void    mac_sysvmsq_cleanup(struct msqid_kernel *msqkptr);
340void    mac_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr);
341void    mac_sysvmsq_destroy(struct msqid_kernel *);
342void    mac_sysvmsq_init(struct msqid_kernel *);
343
344int     mac_sysvsem_check_semctl(struct ucred *cred,
345            struct semid_kernel *semakptr, int cmd);
346int     mac_sysvsem_check_semget(struct ucred *cred,
347           struct semid_kernel *semakptr);
348int     mac_sysvsem_check_semop(struct ucred *cred,
349            struct semid_kernel *semakptr, size_t accesstype);
350void    mac_sysvsem_cleanup(struct semid_kernel *semakptr);
351void    mac_sysvsem_create(struct ucred *cred,
352            struct semid_kernel *semakptr);
353void    mac_sysvsem_destroy(struct semid_kernel *);
354void    mac_sysvsem_init(struct semid_kernel *);
355
356int     mac_sysvshm_check_shmat(struct ucred *cred,
357            struct shmid_kernel *shmsegptr, int shmflg);
358int     mac_sysvshm_check_shmctl(struct ucred *cred,
359            struct shmid_kernel *shmsegptr, int cmd);
360int     mac_sysvshm_check_shmdt(struct ucred *cred,
361            struct shmid_kernel *shmsegptr);
362int     mac_sysvshm_check_shmget(struct ucred *cred,
363            struct shmid_kernel *shmsegptr, int shmflg);
364void    mac_sysvshm_cleanup(struct shmid_kernel *shmsegptr);
365void    mac_sysvshm_create(struct ucred *cred,
366            struct shmid_kernel *shmsegptr);
367void    mac_sysvshm_destroy(struct shmid_kernel *);
368void    mac_sysvshm_init(struct shmid_kernel *);
369
370void    mac_thread_userret(struct thread *td);
371
372int     mac_vnode_associate_extattr(struct mount *mp, struct vnode *vp);
373void    mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp);
374int     mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
375            accmode_t accmode);
376int     mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp);
377int     mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp);
378int     mac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
379            struct componentname *cnp, struct vattr *vap);
380int     mac_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
381            acl_type_t type);
382int     mac_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
383            int attrnamespace, const char *name);
384int     mac_vnode_check_exec(struct ucred *cred, struct vnode *vp,
385            struct image_params *imgp);
386int     mac_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
387            acl_type_t type);
388int     mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
389            int attrnamespace, const char *name);
390int     mac_vnode_check_link(struct ucred *cred, struct vnode *dvp,
391            struct vnode *vp, struct componentname *cnp);
392int     mac_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
393            int attrnamespace);
394int     mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
395            struct componentname *cnp);
396int     mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot,
397            int flags);
398int     mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp,
399            int prot);
400int     mac_vnode_check_open(struct ucred *cred, struct vnode *vp,
401            accmode_t accmode);
402int     mac_vnode_check_poll(struct ucred *active_cred,
403            struct ucred *file_cred, struct vnode *vp);
404int     mac_vnode_check_read(struct ucred *active_cred,
405            struct ucred *file_cred, struct vnode *vp);
406int     mac_vnode_check_readdir(struct ucred *cred, struct vnode *vp);
407int     mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp);
408int     mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
409            struct vnode *vp, struct componentname *cnp);
410int     mac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
411            struct vnode *vp, int samedir, struct componentname *cnp);
412int     mac_vnode_check_revoke(struct ucred *cred, struct vnode *vp);
413int     mac_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
414            acl_type_t type, struct acl *acl);
415int     mac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
416            int attrnamespace, const char *name);
417int     mac_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
418            u_long flags);
419int     mac_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
420            mode_t mode);
421int     mac_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
422            uid_t uid, gid_t gid);
423int     mac_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
424            struct timespec atime, struct timespec mtime);
425int     mac_vnode_check_stat(struct ucred *active_cred,
426            struct ucred *file_cred, struct vnode *vp);
427int     mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
428            struct vnode *vp, struct componentname *cnp);
429int     mac_vnode_check_write(struct ucred *active_cred,
430            struct ucred *file_cred, struct vnode *vp);
431void    mac_vnode_copy_label(struct label *, struct label *);
432void    mac_vnode_init(struct vnode *);
433int     mac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
434            struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
435void    mac_vnode_destroy(struct vnode *);
436void    mac_vnode_execve_transition(struct ucred *oldcred,
437            struct ucred *newcred, struct vnode *vp,
438            struct label *interpvplabel, struct image_params *imgp);
439int     mac_vnode_execve_will_transition(struct ucred *cred,
440            struct vnode *vp, struct label *interpvplabel,
441            struct image_params *imgp);
442void    mac_vnode_relabel(struct ucred *cred, struct vnode *vp,
443            struct label *newlabel);
444
445/*
446 * Calls to help various file systems implement labeling functionality using
447 * their existing EA implementation.
448 */
449int     vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
450
451#endif /* !_SECURITY_MAC_MAC_FRAMEWORK_H_ */
Note: See TracBrowser for help on using the repository browser.