author | rwatson <rwatson@FreeBSD.org> | 2005-05-04 10:39:15 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2005-05-04 10:39:15 +0000 |
commit | 2197ab2d9342ec86dee8d80f036f78a3fced3ff7 (patch) | |
tree | f0b55e1f47aadd0b1a94b34901f76cb2bd96c403 /sys/sys/mac.h | |
parent | ddd6311fb87bee11285e589301f537f9ea1491b2 (diff) | |
Introduce MAC Framework and MAC Policy entry points to label and control
access to POSIX Semaphores:
mac_init_posix_sem() Initialize label for POSIX semaphore
mac_create_posix_sem() Create POSIX semaphore
mac_destroy_posix_sem() Destroy POSIX semaphore
mac_check_posix_sem_destroy() Check whether semaphore may be destroyed
mac_check_posix_sem_getvalue() Check whether semaphore may be queried
mac_check_posix_sem_open() Check whether semaphore may be opened
mac_check_posix_sem_post() Check whether semaphore may be posted to
mac_check_posix_sem_unlink() Check whether semaphore may be unlinked
mac_check_posix_sem_wait() Check whether semaphore may be waited on
Update Biba, MLS, Stub, and Test policies to implement these entry points.
For information flow policies, most semaphore operations are effectively
read/write.
Submitted by: Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Sponsored by: DARPA, McAfee, SPARTA
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/sys/mac.h')
-rw-r--r-- | sys/sys/mac.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/sys/sys/mac.h b/sys/sys/mac.h
index 8e5037a..38c85ff 100644
--- a/sys/sys/mac.h
+++ b/sys/sys/mac.h
@@ -116,6 +116,7 @@ struct inpcb;
 struct image_params;
 struct inpcb;
 struct ipq;
+struct ksem;
 struct m_tag;
 struct mbuf;
 struct mount;
@@ -155,6 +156,7 @@ void mac_init_sysv_shm(struct shmid_kernel*);
 int mac_init_ipq(struct ipq *, int flag);
 int mac_init_socket(struct socket *, int flag);
 void mac_init_pipe(struct pipepair *);
+void mac_init_posix_sem(struct ksem *);
 int mac_init_mbuf(struct mbuf *mbuf, int flag);
 int mac_init_mbuf_tag(struct m_tag *, int flag);
 void mac_init_mount(struct mount *);
@@ -174,6 +176,7 @@ void mac_destroy_sysv_shm(struct shmid_kernel *);
 void mac_destroy_ipq(struct ipq *);
 void mac_destroy_socket(struct socket *);
 void mac_destroy_pipe(struct pipepair *);
+void mac_destroy_posix_sem(struct ksem *);
 void mac_destroy_proc(struct proc *);
 void mac_destroy_mbuf_tag(struct m_tag *);
 void mac_destroy_mount(struct mount *);
@@ -233,6 +236,12 @@ void mac_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr); /* + * Labeling event operations: POSIX (global/inter-process) semaphores. + */ +void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr); + + +/* * Labeling event operations: network objects. */ void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
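Review bot: `mac_init_posix_sem()` in the second hunk is declared `void` with no `flag` argument, unlike `mac_init_ipq()`, `mac_init_socket()` and `mac_init_mbuf()` on the lines around it, so label initialisation for a semaphore has no way to report failure to its caller. That presumably means the label allocation is allowed to sleep, which would make the calling context part of the contract, but the prototype does not say so. A one-line comment above it would record this, for example `/* Cannot fail; may sleep, so call before taking any semaphore lock. */`, to be confirmed against the implementation, which is not in this file.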
@@ -329,6 +338,12 @@ int mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp);
 int mac_check_pipe_read(struct ucred *cred, struct pipepair *pp);
 int mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp);
 int mac_check_pipe_write(struct ucred *cred, struct pipepair *pp);
+int mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr);
+int mac_check_posix_sem_getvalue(struct ucred *cred,struct ksem *ksemptr);
+int mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr);
+int mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr);
+int mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr);
+int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr);
 int mac_check_proc_debug(struct ucred *cred, struct proc *proc);
 int mac_check_proc_sched(struct ucred *cred, struct proc *proc);
 int mac_check_proc_setuid(struct proc *proc, struct ucred *cred, |
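Review bot: The six `mac_check_posix_sem_*()` prototypes are where callers in the semaphore code meet the access-control contract, and nothing in the hunk states it. A short block comment above them should say that each check must run before the operation it guards, and that it returns 0 to permit and an errno value to deny; the latter is presumably the convention, given the `int` return shared with the `mac_check_pipe_*()` lines. The comment should also name the lock on the `ksem` that the caller is expected to hold, if any. Separately, the `getvalue` line drops the space after the comma, apparently to stay within 80 columns; wrapping it like the `mac_check_proc_setuid()` declaration that closes the hunk would be more consistent: `int mac_check_posix_sem_getvalue(struct ucred *cred,` followed by `    struct ksem *ksemptr);`.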