X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/743345f9a4b36f7e2f9ba37691e70c50baecb56e..d26ffc64f583ab2d29df48f13518685602bc8832:/security/mac_framework.h
diff --git a/security/mac_framework.h b/security/mac_framework.h
index e64a43dd4..81a4839c8 100644
--- a/security/mac_framework.h
+++ b/security/mac_framework.h
@@ -273,6 +273,8 @@ int mac_mount_check_snapshot_create(vfs_context_t ctx, struct mount *mp, const char *name);
 int mac_mount_check_snapshot_delete(vfs_context_t ctx, struct mount *mp, const char *name);
+int mac_mount_check_snapshot_revert(vfs_context_t ctx, struct mount *mp,
+ const char *name);
 int mac_mount_check_remount(vfs_context_t ctx, struct mount *mp);
 int mac_mount_check_setattr(vfs_context_t ctx, struct mount *mp, struct vfs_attr *vfa);
@@ -339,7 +341,6 @@ void mac_posixshm_label_init(struct pshminfo *pshm);
 int mac_priv_check(kauth_cred_t cred, int priv);
 int mac_priv_grant(kauth_cred_t cred, int priv);
 int mac_proc_check_debug(proc_t proc1, proc_t proc2);
-int mac_proc_check_cpumon(proc_t curp);
 int mac_proc_check_proc_info(proc_t curp, proc_t target, int callnum, int flavor);
 int mac_proc_check_get_cs_info(proc_t curp, proc_t target, unsigned int op);
 int mac_proc_check_set_cs_info(proc_t curp, proc_t target, unsigned int op);
@@ -367,7 +368,7 @@ int mac_proc_check_setlcid(proc_t proc1, proc_t proc2,
 int mac_proc_check_signal(proc_t proc1, proc_t proc2, int signum);
 int mac_proc_check_wait(proc_t proc1, proc_t proc2);
-void mac_proc_set_enforce(proc_t p, int enforce_flags);
+void mac_proc_notify_exit(proc_t proc);
 int mac_setsockopt_label(kauth_cred_t cred, struct socket *so, struct mac *extmac);
 int mac_socket_check_accept(kauth_cred_t cred, struct socket *so);
@@ -379,6 +380,8 @@ int mac_socket_check_connect(kauth_cred_t cred, struct socket *so,
 int mac_socket_check_create(kauth_cred_t cred, int domain, int type, int protocol);
 int mac_socket_check_deliver(struct socket *so, struct mbuf *m);
+int mac_socket_check_ioctl(kauth_cred_t cred, struct socket *so,
+ unsigned int cmd);
 int mac_socket_check_kqfilter(kauth_cred_t cred, struct knote *kn, struct socket *so);
 int mac_socket_check_listen(kauth_cred_t cred, struct socket *so);
@@ -500,6 +503,8 @@ int mac_vnode_check_link(vfs_context_t ctx, struct vnode *dvp,
 int mac_vnode_check_listextattr(vfs_context_t ctx, struct vnode *vp);
 int mac_vnode_check_lookup(vfs_context_t ctx, struct vnode *dvp, struct componentname *cnp);
+int mac_vnode_check_lookup_preflight(vfs_context_t ctx, struct vnode *dvp,
+ const char *path, size_t pathlen);
 int mac_vnode_check_open(vfs_context_t ctx, struct vnode *vp, int acc_mode);
 int mac_vnode_check_read(vfs_context_t ctx,
@@ -529,11 +534,13 @@ int mac_vnode_check_setowner(vfs_context_t ctx, struct vnode *vp,
 int mac_vnode_check_setutimes(vfs_context_t ctx, struct vnode *vp, struct timespec atime, struct timespec mtime);
 int mac_vnode_check_signature(struct vnode *vp,
- struct cs_blob *cs_blob, struct image_params *imgp,
- unsigned int *cs_flags,
- int flags);
+ struct cs_blob *cs_blob, struct image_params *imgp,
+ unsigned int *cs_flags, unsigned int *signer_type,
+ int flags);
 int mac_vnode_check_stat(vfs_context_t ctx, kauth_cred_t file_cred, struct vnode *vp);
+int mac_vnode_check_trigger_resolve(vfs_context_t ctx, struct vnode *dvp,
+ struct componentname *cnp);
 int mac_vnode_check_truncate(vfs_context_t ctx, kauth_cred_t file_cred, struct vnode *vp);
 int mac_vnode_check_uipc_bind(vfs_context_t ctx, struct vnode *dvp,
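Review bot: In the `@@ -379,6 +380,8 @@` hunk, `mac_socket_check_ioctl` declares the request as `unsigned int cmd`, whereas BSD-derived ioctl paths commonly carry it as `u_long`; if the caller (not visible in this diff) passes the wider type, the value is narrowed implicitly before any policy sees it. Either match the caller's type or document the narrowing next to the prototype, e.g. `/* cmd: ioctl request code as seen by policies (32-bit) */`. The hook also receives no ioctl argument pointer, so a policy can decide on the command number only; if that is intentional it is worth one line of comment so policy authors do not assume otherwise.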
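Review bot: In the `@@ -500,6 +503,8 @@` hunk, `mac_vnode_check_lookup_preflight` hands policies a `const char *path` plus `size_t pathlen` without stating whether `path` is NUL-terminated or whether `pathlen` counts the terminator. Policy modules that parse the string need that contract to stay inside the buffer; a comment such as `/* path: read at most pathlen bytes; NUL termination not guaranteed */` (or the opposite, whichever the caller actually guarantees) would settle it. Because this check works on a path string before resolution, it presumably complements rather than replaces the per-component `mac_vnode_check_lookup` decision, and saying so here would keep policies from treating it as the only gate.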
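Review bot: In the `@@ -529,11 +534,13 @@` hunk, the new `unsigned int *signer_type` parameter of `mac_vnode_check_signature` has no stated contract: whether NULL is accepted, and what the caller reads back when no policy writes through it. The result presumably feeds a code-signing decision, so the caller should initialise the variable before the call and the header should say so, e.g. `/* signer_type: caller-initialised; a policy may overwrite it */`. The prototype keeps its name while changing its parameter list, so every caller and policy built against the old header has to be updated in the same change; those sites are outside this diff.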
@@ -589,6 +596,8 @@ void mac_pty_notify_close(proc_t p, struct tty *tp, dev_t dev, struct label *lab
 int mac_kext_check_load(kauth_cred_t cred, const char *identifier);
 int mac_kext_check_unload(kauth_cred_t cred, const char *identifier);
 int mac_kext_check_query(kauth_cred_t cred);
+int mac_skywalk_flow_check_connect(proc_t p, void *flow, const struct sockaddr *addr, int type, int protocol);
+int mac_skywalk_flow_check_listen(proc_t p, void *flow, const struct sockaddr *addr, int type, int protocol);
 void psem_label_associate(struct fileproc *fp, struct vnode *vp, struct vfs_context *ctx);
 void pshm_label_associate(struct fileproc *fp, struct vnode *vp, struct vfs_context *ctx);
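Review bot: Both added prototypes take the object under check as `void *flow`, which removes compile-time type checking on the very pointer a policy is asked to judge. A forward-declared opaque struct (`struct FLOW_TYPE_PLACEHOLDER *flow`, substituting the real flow type's name) would need no extra include and would still reject a wrong pointer at the call site. As a style point, each declaration is a single line far longer than the wrapped form the other added prototypes in this diff use; breaking after `const struct sockaddr *addr,` would match the rest of the header.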