sys/security/mac_bsdextended/mac_bsdextended.h
#define MBI_WRITE 000200 | #define MBI_WRITE 000200 | ||||
#define MBI_READ 000400 | #define MBI_READ 000400 | ||||
#define MBI_ADMIN 010000 | #define MBI_ADMIN 010000 | ||||
#define MBI_STAT 020000 | #define MBI_STAT 020000 | ||||
#define MBI_APPEND 040000 | #define MBI_APPEND 040000 | ||||
#define MBI_ALLPERM (MBI_EXEC | MBI_WRITE | MBI_READ | MBI_ADMIN | \ | #define MBI_ALLPERM (MBI_EXEC | MBI_WRITE | MBI_READ | MBI_ADMIN | \ | ||||
MBI_STAT | MBI_APPEND) | MBI_STAT | MBI_APPEND) | ||||
#define MBI_ASLR_ENABLED 0x01 | |||||
#define MBI_ASLR_DISABLED 0x02 | |||||
#define MBI_ALLPAX (MBI_ASLR_ENABLED | MBI_ASLR_DISABLED) | |||||
rwatson: These don't belong here: they are not used in the policy, and should not be visible outside of… | |||||
Not Done Inline ActionsWill address in the next patch. lattera-gmail.com: Will address in the next patch. | |||||
#define MBS_UID_DEFINED 0x00000001 /* uid field should be matched */ | #define MBS_UID_DEFINED 0x00000001 /* uid field should be matched */ | ||||
#define MBS_GID_DEFINED 0x00000002 /* gid field should be matched */ | #define MBS_GID_DEFINED 0x00000002 /* gid field should be matched */ | ||||
#define MBS_PRISON_DEFINED 0x00000004 /* prison field should be matched */ | #define MBS_PRISON_DEFINED 0x00000004 /* prison field should be matched */ | ||||
#define MBS_ALL_FLAGS (MBS_UID_DEFINED | MBS_GID_DEFINED | MBS_PRISON_DEFINED) | #define MBS_ALL_FLAGS (MBS_UID_DEFINED | MBS_GID_DEFINED | MBS_PRISON_DEFINED) | ||||
struct mac_bsdextended_subject { | struct mac_bsdextended_subject { | ||||
int mbs_flags; | int mbs_flags; | ||||
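Review bot: `MBI_ASLR_ENABLED` and `MBI_ASLR_DISABLED` are independent bits, so a value can carry both at once, and a check against `MBI_ALLPAX` alone would accept that contradictory setting. The code that validates rules is not in this section, but it should reject the combination explicitly, for example `if ((flags & MBI_ALLPAX) == MBI_ALLPAX) return (EINVAL);`, with `flags` standing for whichever field ends up holding these bits. The new defines also reuse the `MBI_` prefix of the octal permission bits while being written in hex and left out of `MBI_ALLPERM`, which suggests they live in a different field; a comment such as `/* ASLR rule flags; not part of the MBI_* permission mask */` above them would make that clear. If they are meant to share the permission field, confirm that 0x01 and 0x02 do not overlap bits defined above the visible lines.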
These don't belong here: they are not used in the policy, and should not be visible outside of the policy. If you want to use mac_bsdextended to manage this in the future, you need a separate set of flags that are globally defined in the kernel, and then a mapping within mac_bsdextended. See also similar vnode permission flags.