diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-10-21 18:05:12 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-10-21 18:05:12 +0000 |
| commit | a47467b82608677032aeb27744c4115f01ad284a (patch) | |
| tree | 8c6852c4e6467d203f73080e70107b9bd585fc12 | |
| parent | 25b8d9a4ba7701e48768e7915b5db5e2e616a9ea (diff) | |
| download | FreeBSD-src-a47467b82608677032aeb27744c4115f01ad284a.zip FreeBSD-src-a47467b82608677032aeb27744c4115f01ad284a.tar.gz | |
Demote sockets to single-label objects rather than maintaining a
range on them, leaving process credentials as the only kernel
objects with label ranges in the Biba and MLS policies. We
weren't using the range in any access control decisions, so this
lets us garbage collect effectively unused code.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| -rw-r--r-- | sys/security/mac_biba/mac_biba.c | 16 | ||||
| -rw-r--r-- | sys/security/mac_mls/mac_mls.c | 16 |
2 files changed, 0 insertions, 32 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index e2a2ec3..0c3a474 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -407,19 +407,6 @@ mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto) labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE; } -static void -mac_biba_copy_single_to_range(struct mac_biba *labelfrom, - struct mac_biba *labelto) -{ - - KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, - ("mac_biba_copy_single_to_range: labelfrom not single")); - - labelto->mb_rangelow = labelfrom->mb_single; - labelto->mb_rangehigh = labelfrom->mb_single; - labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; -} - /* * Policy module operations. */ @@ -694,7 +681,6 @@ mac_biba_create_socket(struct ucred *cred, struct socket *socket, dest = SLOT(socketlabel); mac_biba_copy_single(source, dest); - mac_biba_copy_single_to_range(source, dest); } static void @@ -720,7 +706,6 @@ mac_biba_create_socket_from_socket(struct socket *oldsocket, dest = SLOT(newsocketlabel); mac_biba_copy_single(source, dest); - mac_biba_copy_range(source, dest); } static void @@ -733,7 +718,6 @@ mac_biba_relabel_socket(struct ucred *cred, struct socket *socket, dest = SLOT(socketlabel); mac_biba_copy_single(source, dest); - mac_biba_copy_range(source, dest); } static void diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 8938ded..7e66440 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -396,19 +396,6 @@ mac_mls_copy_single(struct mac_mls *labelfrom, struct mac_mls *labelto) labelto->mm_flags |= MAC_MLS_FLAG_SINGLE; } -static void -mac_mls_copy_single_to_range(struct mac_mls *labelfrom, - struct mac_mls *labelto) -{ - - KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, - ("mac_mls_copy_single_to_range: labelfrom not single")); - - labelto->mm_rangelow = labelfrom->mm_single; - labelto->mm_rangehigh = labelfrom->mm_single; - labelto->mm_flags |= MAC_MLS_FLAG_RANGE; -} - /* * Policy module operations. */ @@ -686,7 +673,6 @@ mac_mls_create_socket(struct ucred *cred, struct socket *socket, dest = SLOT(socketlabel); mac_mls_copy_single(source, dest); - mac_mls_copy_single_to_range(source, dest); } static void @@ -712,7 +698,6 @@ mac_mls_create_socket_from_socket(struct socket *oldsocket, dest = SLOT(newsocketlabel); mac_mls_copy_single(source, dest); - mac_mls_copy_range(source, dest); } static void @@ -725,7 +710,6 @@ mac_mls_relabel_socket(struct ucred *cred, struct socket *socket, dest = SLOT(socketlabel); mac_mls_copy_single(source, dest); - mac_mls_copy_range(source, dest); } static void |
