int error;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
#endif
MAC_CHECK(cred_check_visible, u1, u2);
-
return (error);
}
-/*
- * called with process locked.
- */
-void mac_proc_set_enforce(proc_t p, int enforce_flags)
-{
- p->p_mac_enforce |= enforce_flags;
-}
-
int
mac_proc_check_debug(proc_t curp, struct proc *proc)
{
int error;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
#endif
-
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+ if (!mac_proc_check_enforce(curp))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_debug, cred, proc);
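Review bot: The per-process gate `if (!mac_proc_check_enforce(curp)) return 0;` in mac_proc_check_debug fails open, and nothing at the call site says what now decides whether policies are consulted, since the flag argument is dropped and mac_proc_set_enforce is removed. The one-argument predicate is defined outside this page, so it cannot be confirmed here whether it still honours any per-process state. I would add a comment above the call such as `/* returns 0 (allow) without consulting any policy when curp is exempt from MAC enforcement */`. The same applies to the fork, sched, signal, wait, suspend_resume, ledger, proc_info and get_cs_info hunks. The body of mac_proc_check_debug continues past the end of this hunk.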
int error;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
#endif
-
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+ if (!mac_proc_check_enforce(curp))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_fork, cred, curp);
int error;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_vm_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_vm_enforce)
+ return 0;
#endif
- if (!mac_proc_check_enforce(proc, MAC_VM_ENFORCE))
+ if (!mac_proc_check_enforce(proc))
return (0);
cred = kauth_cred_proc_ref(proc);
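Review bot: The per-process gate `if (!mac_proc_check_enforce(proc))` in this VM hook no longer passes MAC_VM_ENFORCE, so VM checks and process checks now share one per-process predicate while the global switch above is still `mac_vm_enforce`. If that predicate (not shown on this page) keys off process-level state only, a setup that distinguished VM enforcement from process enforcement would behave differently. A comment such as `/* per-process gate is shared with the mac_proc_* hooks; mac_vm_enforce is the only VM-specific switch */` would record that this is intended. The mprotect hunk that follows carries the same change, and it writes `return (0);` where the other added lines use `return 0;`. The function's signature and its MAC_CHECK call are outside this hunk.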
int error;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_vm_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_vm_enforce)
+ return 0;
#endif
- if (!mac_proc_check_enforce(proc, MAC_VM_ENFORCE))
- return (0);
+ if (!mac_proc_check_enforce(proc))
+ return (0);
cred = kauth_cred_proc_ref(proc);
MAC_CHECK(proc_check_mprotect, cred, proc, addr, size, prot);
int error;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
#endif
-
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+ if (!mac_proc_check_enforce(curp))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_sched, cred, proc);
int error;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
#endif
-
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+ if (!mac_proc_check_enforce(curp))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_signal, cred, proc, signum);
int error;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
#endif
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+ if (!mac_proc_check_enforce(curp))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_wait, cred, proc);
return (error);
}
+void
+mac_proc_notify_exit(struct proc *proc)
+{
+ MAC_PERFORM(proc_notify_exit, proc);
+}
+
int
mac_proc_check_suspend_resume(proc_t curp, int sr)
{
int error;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
#endif
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+ if (!mac_proc_check_enforce(curp))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_suspend_resume, cred, curp, sr);
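Review bot: The new mac_proc_notify_exit has no comment stating its calling context, and unlike every neighbouring hook it is gated by neither `mac_proc_enforce` nor `mac_proc_check_enforce()`. The removed mac_proc_set_enforce carried a "called with process locked" note, but the new function says nothing about locking or about how much of `proc` is still valid when policies receive it. If the unconditional `MAC_PERFORM` is deliberate, so that policies can always release per-process state, say so in a header comment, for example `/* Notify policies that proc is exiting. Not gated by mac_proc_enforce: runs for every process. Caller must ... */`, with the locking requirement filled in by the author.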
int error = 0;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
#endif
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+ if (!mac_proc_check_enforce(curp))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_ledger, cred, proc, ledger_op);
return (error);
}
-int
-mac_proc_check_cpumon(proc_t curp)
-{
- kauth_cred_t cred;
- int error = 0;
-
-#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
-#endif
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
-
- cred = kauth_cred_proc_ref(curp);
- MAC_CHECK(proc_check_cpumon, cred);
- kauth_cred_unref(&cred);
-
- return (error);
-}
-
int
mac_proc_check_proc_info(proc_t curp, proc_t target, int callnum, int flavor)
{
int error = 0;
#if SECURITY_MAC_CHECK_ENFORCE
- /* 21167099 - only check if we allow write */
- if (!mac_proc_enforce)
- return 0;
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
#endif
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
- return 0;
+ if (!mac_proc_check_enforce(curp))
+ return 0;
cred = kauth_cred_proc_ref(curp);
MAC_CHECK(proc_check_proc_info, cred, target, callnum, flavor);
return (error);
}
-
int
mac_proc_check_get_cs_info(proc_t curp, proc_t target, unsigned int op)
{
if (!mac_proc_enforce)
return 0;
#endif
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+ if (!mac_proc_check_enforce(curp))
return 0;
cred = kauth_cred_proc_ref(curp);
if (!mac_proc_enforce)
return 0;
#endif
- if (!mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+ if (!mac_proc_check_enforce(curp))
return 0;
cred = kauth_cred_proc_ref(curp);