authorjhb <jhb@FreeBSD.org>2008-06-23 21:37:53 +0000
committerjhb <jhb@FreeBSD.org>2008-06-23 21:37:53 +0000
commit437891381c13fcfea1097ae4d151f60dbcd8f601 (patch)
tree99442461adc39a20433f25399980988944e1cf03
parent0203c01701d045d8cccc12f303fdd5dc4c2a6c1b (diff)
Remove the posixsem_check_destroy() MAC check. It is semantically identical
to doing a MAC check for close(), but no other types of close() (including
close(2) and ksem_close(2)) have MAC checks.

Discussed with: rwatson
-rw-r--r--sys/kern/uipc_sem.c5
-rw-r--r--sys/security/mac/mac_framework.h1
-rw-r--r--sys/security/mac/mac_policy.h3
-rw-r--r--sys/security/mac/mac_posix_sem.c10
-rw-r--r--sys/security/mac_biba/mac_biba.c1
-rw-r--r--sys/security/mac_mls/mac_mls.c1
-rw-r--r--sys/security/mac_stub/mac_stub.c9
-rw-r--r--sys/security/mac_test/mac_test.c14
8 files changed, 0 insertions, 44 deletions
diff --git a/sys/kern/uipc_sem.c b/sys/kern/uipc_sem.c
index a91096f..9603b1d 100644
--- a/sys/kern/uipc_sem.c
+++ b/sys/kern/uipc_sem.c
@@ -807,11 +807,6 @@ ksem_destroy(struct thread *td, struct ksem_destroy_args *uap)
error = EINVAL;
goto err;
}
-#ifdef MAC
- error = mac_posixsem_check_destroy(td->td_ucred, ks);
- if (error)
- goto err;
-#endif
if (ks->ks_waiters != 0) {
error = EBUSY;
goto err;
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 9b02e4f..c68d2d1 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -189,7 +189,6 @@ void mac_pipe_init(struct pipepair *);
int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
struct label *label);
-int mac_posixsem_check_destroy(struct ucred *cred, struct ksem *ks);
int mac_posixsem_check_getvalue(struct ucred *cred,struct ksem *ks);
int mac_posixsem_check_open(struct ucred *cred, struct ksem *ks);
int mac_posixsem_check_post(struct ucred *cred, struct ksem *ks);
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 8f27ebb..f0fa755 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -288,8 +288,6 @@ typedef int (*mpo_pipe_internalize_label_t)(struct label *label,
typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
struct label *oldlabel, struct label *newlabel);
-typedef int (*mpo_posixsem_check_destroy_t)(struct ucred *cred,
- struct ksem *ks, struct label *kslabel);
typedef int (*mpo_posixsem_check_getvalue_t)(struct ucred *cred,
struct ksem *ks, struct label *kslabel);
typedef int (*mpo_posixsem_check_open_t)(struct ucred *cred,
@@ -741,7 +739,6 @@ struct mac_policy_ops {
mpo_pipe_internalize_label_t mpo_pipe_internalize_label;
mpo_pipe_relabel_t mpo_pipe_relabel;
- mpo_posixsem_check_destroy_t mpo_posixsem_check_destroy;
mpo_posixsem_check_getvalue_t mpo_posixsem_check_getvalue;
mpo_posixsem_check_open_t mpo_posixsem_check_open;
mpo_posixsem_check_post_t mpo_posixsem_check_post;
diff --git a/sys/security/mac/mac_posix_sem.c b/sys/security/mac/mac_posix_sem.c
index 4b40142..68fb56c 100644
--- a/sys/security/mac/mac_posix_sem.c
+++ b/sys/security/mac/mac_posix_sem.c
@@ -91,16 +91,6 @@ mac_posixsem_create(struct ucred *cred, struct ksem *ks)
}
int
-mac_posixsem_check_destroy(struct ucred *cred, struct ksem *ks)
-{
- int error;
-
- MAC_CHECK(posixsem_check_destroy, cred, ks, ks->ks_label);
-
- return (error);
-}
-
-int
mac_posixsem_check_open(struct ucred *cred, struct ksem *ks)
{
int error;
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 08b735f..4c0c85b 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -3334,7 +3334,6 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_pipe_internalize_label = biba_internalize_label,
.mpo_pipe_relabel = biba_pipe_relabel,
- .mpo_posixsem_check_destroy = biba_posixsem_check_write,
.mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly,
.mpo_posixsem_check_open = biba_posixsem_check_write,
.mpo_posixsem_check_post = biba_posixsem_check_write,
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index d92b739..cff9d88 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -2957,7 +2957,6 @@ static struct mac_policy_ops mls_ops =
.mpo_pipe_internalize_label = mls_internalize_label,
.mpo_pipe_relabel = mls_pipe_relabel,
- .mpo_posixsem_check_destroy = mls_posixsem_check_write,
.mpo_posixsem_check_getvalue = mls_posixsem_check_rdonly,
.mpo_posixsem_check_open = mls_posixsem_check_write,
.mpo_posixsem_check_post = mls_posixsem_check_write,
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 6c8f2f5..34f5cad 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -523,14 +523,6 @@ stub_pipe_relabel(struct ucred *cred, struct pipepair *pp,
}
static int
-stub_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
-{
-
- return (0);
-}
-
-static int
stub_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
struct label *kslabel)
{
@@ -1587,7 +1579,6 @@ static struct mac_policy_ops stub_ops =
.mpo_pipe_internalize_label = stub_internalize_label,
.mpo_pipe_relabel = stub_pipe_relabel,
- .mpo_posixsem_check_destroy = stub_posixsem_check_destroy,
.mpo_posixsem_check_getvalue = stub_posixsem_check_getvalue,
.mpo_posixsem_check_open = stub_posixsem_check_open,
.mpo_posixsem_check_post = stub_posixsem_check_post,
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index bacebd4..8a3d646 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -1010,19 +1010,6 @@ test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
COUNTER_INC(pipe_relabel);
}
-COUNTER_DECL(posixsem_check_destroy);
-static int
-test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
-{
-
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_check_destroy);
-
- return (0);
-}
-
COUNTER_DECL(posixsem_check_getvalue);
static int
test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
@@ -2886,7 +2873,6 @@ static struct mac_policy_ops test_ops =
.mpo_pipe_internalize_label = test_pipe_internalize_label,
.mpo_pipe_relabel = test_pipe_relabel,
- .mpo_posixsem_check_destroy = test_posixsem_check_destroy,
.mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
.mpo_posixsem_check_open = test_posixsem_check_open,
.mpo_posixsem_check_post = test_posixsem_check_post,