1/*-
  2 * Copyright (c) 2008 Robert N. M. Watson
  3 * All rights reserved.
  4 *
  5 * This software was developed by Robert Watson for the TrustedBSD Project.
  6 *
  7 * Redistribution and use in source and binary forms, with or without
  8 * modification, are permitted provided that the following conditions
  9 * are met:
 10 * 1. Redistributions of source code must retain the above copyright
 11 *    notice, this list of conditions and the following disclaimer.
 12 * 2. Redistributions in binary form must reproduce the above copyright
 13 *    notice, this list of conditions and the following disclaimer in the
 14 *    documentation and/or other materials provided with the distribution.
 15 *
 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 19 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 26 * SUCH DAMAGE.
 27 */
 28
 29#ifndef _SYS_SECURITY_MAC_BSDEXTENDED_UGIDFW_INTERNAL_H
 30#define	_SYS_SECURITY_MAC_BSDEXTENDED_UGIDFW_INTERNAL_H
 31
 32/*
 33 * Central access control routines used by object-specific checks.
 34 */
/*
 * Translate a VFS accmode_t value into the access-mode bit encoding the rule
 * matcher works with ("mbi" per the name).  The exact bit mapping lives in
 * the implementation, not here.
 */
int	ugidfw_accmode2mbi(accmode_t accmode);
/*
 * Evaluate the rule set for 'cred' against the object 'vp' whose attributes
 * the caller has already fetched into 'vap'.  Note that acc_mode is a plain
 * int rather than accmode_t, unlike the vnode hooks below — presumably the
 * caller has already run the VFS mode through ugidfw_accmode2mbi(); confirm
 * against the callers before passing raw accmode_t bits.  The return
 * convention (0 = allow, errno value = deny) is the usual MAC one but is not
 * established by this file.
 */
int	ugidfw_check(struct ucred *cred, struct vnode *vp, struct vattr *vap,
	    int acc_mode);
/*
 * Same as ugidfw_check() but without caller-supplied attributes; the
 * implementation is expected to obtain them from 'vp' itself.  Same acc_mode
 * caveat as above.
 */
int	ugidfw_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode);
 39
 40/*
 41 * System access control checks.
 42 */
/*
 * System-level hooks.  Each takes the credential performing the operation
 * plus the vnode (and its label) that the operation is being pointed at;
 * which operation is guarded is given only by the hook name.  Whether 'vp'
 * may be NULL (e.g. when accounting or auditing is being switched off
 * rather than on) is not visible here — check the implementation before
 * dereferencing it unconditionally.
 */
int	ugidfw_system_check_acct(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel);
int	ugidfw_system_check_auditctl(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel);
int	ugidfw_system_check_swapon(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel);
 49
 50/*
 51 * Vnode access control checks.
 52 */
/*
 * Per-operation vnode hooks.  Parameter roles are as the signatures show:
 * 'dvp'/'dvplabel' name a directory and its label, 'vp'/'vplabel' the object
 * itself, 'cnp' the pathname component involved.  Which operation each hook
 * guards is only what its name says — the enforcement logic is not in this
 * file.
 *
 * NOTE(review): three declarations break the ugidfw_vnode_check_<op>
 * naming pattern — ugidfw_check_create_vnode, ugidfw_check_setacl_vnode and
 * ugidfw_vnode_check_readdlink (apparently "readlink" with a doubled
 * letter).  They are left as-is because renaming would touch every caller,
 * but grep for these names rather than assuming the pattern holds.
 */
/* Generic access check; 'accmode' carries VFS accmode_t bits. */
int	ugidfw_vnode_check_access(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, accmode_t accmode);
int	ugidfw_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
	    struct label *dvplabel);
int	ugidfw_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
	    struct label *dvplabel);
/*
 * Creation check: only the parent directory exists yet, so the new object
 * is described by the component name 'cnp' and the requested attributes
 * 'vap' rather than by a vnode.
 */
int	ugidfw_check_create_vnode(struct ucred *cred, struct vnode *dvp,
	    struct label *dvplabel, struct componentname *cnp,
	    struct vattr *vap);
int	ugidfw_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, acl_type_t type);
/* Extended-attribute hooks take the namespace id and, where applicable, the
 * attribute name; listextattr takes the namespace only. */
int	ugidfw_vnode_check_deleteextattr(struct ucred *cred,
	    struct vnode *vp, struct label *vplabel, int attrnamespace,
	    const char *name);
/*
 * 'imgp' describes the image being executed and 'execlabel' a requested
 * label transition.  NOTE(review): execlabel is presumably allowed to be
 * NULL when no transition is requested — confirm before dereferencing.
 */
int	ugidfw_vnode_check_exec(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, struct image_params *imgp,
	    struct label *execlabel);
int	ugidfw_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, acl_type_t type);
int	ugidfw_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, int attrnamespace, const char *name);
/*
 * Hard-link check: 'dvp' is the directory receiving the new name and 'vp'
 * the existing object being linked.  The third label parameter is named
 * 'label' here rather than 'vplabel' as everywhere else; it is the label
 * of 'vp' (parameter names have no ABI effect, so this is cosmetic).
 */
int	ugidfw_vnode_check_link(struct ucred *cred, struct vnode *dvp,
	    struct label *dvplabel, struct vnode *vp, struct label *label,
	    struct componentname *cnp);
int	ugidfw_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, int attrnamespace);
int	ugidfw_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
	    struct label *dvplabel, struct componentname *cnp);
int	ugidfw_vnode_check_open(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, accmode_t accmode);
int	ugidfw_vnode_check_readdir(struct ucred *cred, struct vnode *dvp,
	    struct label *dvplabel);
/* See the naming note above: this is the readlink hook. */
int	ugidfw_vnode_check_readdlink(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel);
/* Rename is split into a source-side and a destination-side check. */
int	ugidfw_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
	    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
	    struct componentname *cnp);
/*
 * Destination side of rename.  'samedir' flags that source and target share
 * a directory.  NOTE(review): 'vp'/'vplabel' presumably describe an
 * existing entry at the destination and may be NULL when there is none —
 * confirm in the implementation before dereferencing.
 */
int	ugidfw_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
	    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
	    int samedir, struct componentname *cnp);
int	ugidfw_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel);
/* Takes the ACL being installed as well as its type. */
int	ugidfw_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, acl_type_t type, struct acl *acl);
int	ugidfw_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, int attrnamespace, const char *name);
/* Attribute-changing hooks receive the new value being requested. */
int	ugidfw_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, u_long flags);
int	ugidfw_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, mode_t mode);
int	ugidfw_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, uid_t uid, gid_t gid);
/*
 * Timestamps are passed by value.  The second is named 'utime' here;
 * presumably it is the modification time (mtime) — confirm against the
 * caller, as nothing in this file says.
 */
int	ugidfw_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
	    struct label *vplabel, struct timespec atime,
	    struct timespec utime);
/*
 * Unlike the other hooks, stat takes two credentials: the one active for
 * the calling thread and the one the file was opened with.  Which of them
 * the rules are evaluated against is decided in the implementation, and
 * matters for descriptors passed between processes.
 */
int	ugidfw_vnode_check_stat(struct ucred *active_cred,
	    struct ucred *file_cred, struct vnode *vp, struct label *vplabel);
int	ugidfw_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
	    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
	    struct componentname *cnp);
113
114#endif /* _SYS_SECURITY_MAC_BSDEXTENDED_UGIDFW_INTERNAL_H */